SQL Server Central
The Voice of the DBA
 

Protecting Code

There are so many data breaches taking place, that it's hard to keep track of them. While I rarely find my email in any of the breaches loaded into haveibeenpwned.com, I do see Mr. Hunt regularly loading more data sets into the database. I don't know how many you've been a part of, but I certainly hope you know, and I hope you've changed shared passwords and updated accounts.

While we do need to protect data, we also need to ensure that we protect our code, as that might be where the vulnerabilities lie that others might discover. While I'm not a big fan of encrypting or hiding the code in a database from customers, I certainly don't want that code, or the application code, to be visible to outsiders, especially potential hackers.

While your team might not be as careless as the Boeing research team, I'd hope that you don't expose your code on the Internet, as they did. Perhaps more importantly, I hope no one does a Black Hat talk about potential issues in your code. A researcher did this to Boeing, talking about potentially being able to jump from a customer network and application to a more privileged one to the command and control network. Boeing denies this is possible, and I'm not worried about my future Dreamliner flights, but I think Boeing should do more publicly here. Let the researcher have a few days on a plane and truly pen test the software.

I've seen lots of "hidden" features in software that administrators use to get work done. I've seen sloppily written tooling that solves a problem and isn't intended for general use. I've also seen far too many of these features "discovered" by ordinary users. Even assuming your internal network is completely free of malicious users is a bad idea. We've seen plenty of viruses and trojan software that can be used maliciously.

We don't want to lock our networks and applications so tightly that we create impediments to work, but we certainly can do better jobs in limiting access, keeping tight privileges, ensuring administrative accounts are protected and more. Those might be hard to get done today, but you certainly can do simple things, like securing your VCS. Don't use public places like GitHub, or ensure you have private repositories that only your organization can see. It's not perfect, but it does stop the researchers and lazy criminals that are just scanning for easy targets on the Internet.

Steve Jones - SSC Editor

 Featured Contents
Stairway to Database Source Control

Stairway to Database Source Control Level 1: Setting Up For Database Source Control

Dave Green from SQLServerCentral.com

The first level of this stairway introduces the basics of source control and some common technologies, and demonstrates how to start versioning a SQL Server database.

Proactively monitor your SQL Server estate with SQL Monitor 9

Additional Articles from Redgate

Learn how you can gain estate-wide views of disk space usage, backups and other jobs, and application of recent SQL Server updates and patches, with SQL Monitor 9’s Estate pages. Using this feature, teams can review the overall health of all their servers and databases, identify potential issues before they escalate into real problems, and assign priorities, proactively.

SQL Server Database Activity Based on Transaction Log Backup Size

Additional Articles from MSSQLTips.com

In this tip we look at some scripts you can use to monitor your database activity and usage based on the size of the SQL Server transaction log backups.

Free eBook: SQL Server Internals: In-Memory OLTP

Press Release from Redgate

In this free eBook, Kalen Delaney explains how Microsoft's 2016 In-memory OLTP engine works. In her book, learn how to use lock- and latch-free data structures to allow non-blocking data processing, and find out how to migrate existing tables to Hekaton.

From the SQL Server Central Blogs - Profiler and Trace vs. Extended Events

Grant Fritchey from The Scary DBA

It’s a running joke among the more experienced (read, older) Microsoft Data Platform specialists as to whether you’re #teamprofiler or #teamexevents. I’m very much #teamexevents, but I really don’t...

From the SQL Server Central Blogs - Troubleshooting “Could not obtain information about Windows NT group/user”

spaghettidba from SpaghettiDBA

This is one of those typical blog posts that I write for my future self, the guy who keeps fixing the same stuff over and over and forgets what...

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Splitting the time

I have a time string that is formatted like this:
myString = '28/08/2019'
I have loaded the time module and want to change this to the struct_time format, the same as returned by time.localtime().
>>> import time
>>> time.localtime()
time.struct_time(tm_year=2019, tm_mon=8, tm_mday=22, tm_hour=8, tm_min=18, tm_sec=20, tm_wday=3, tm_yday=234, tm_isdst=1)
What method should I use?


 

 

 Yesterday's Question of the Day (by Evgeny Garaev)

SQL Server Transaction Log Architecture

I have a database on a SQL Server 2017 instance. The database has a 1 GB transaction log file with the growth set to 100 MB. When the auto growth of the transaction log file happens, how many VLFs will be created?

Answer: 1

Explanation: If the next growth is less than 1/8 of the current log physical size, then 1 VLF is created that covers the growth size (starting with SQL Server 2014 (12.x)).
Ref: SQL Server Transaction Log Architecture and Management Guide - https://docs.microsoft.com/en-us/sql/relational-databases/sql-server-transaction-log-architecture-and-management-guide?view=sql-server-2017


 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.


SQL Server 2017 - Administration
SQL Login Issues between replicated VM's - The issue is that this server (BFS-DEV02) is a virtual clone of another server (BFS-DEV01). Within SQL Server, windows login BFS-DEV02\Administrator is being viewed by SQL Server AS BFS-DEV01\Administrator. Here are some screen shots that show what I mean about the logins… I believe what we ultimately want is to remove BFS-DEV01\Administrator and make it BFS-DEV02\Administrator. […]
Always on - Planning to go with SQL Server 2017/2019 for Biztalk latest version of 2019/2020. So I would like to go with Always as DR option. Do you guys have seen any issues setting up always on for Biztalk DB server? If yes, what are the issues have you seen for setting up always on with […]
SQL Server 2016 - Administration
Can't drop database in "restoring" state from secondary instance of AG - MSSQL version: 2016 (13.0.5026.0) Situation: Removed a database from an availability group so it could be restored. When I'm ready to add it back to the group, I go to drop the copy on the secondary instance. It's in the "restoring" state, but that's ok, that's what's expected. But when I try to drop the […]
Extended events - I'm trying to teach myself ExtendedEvents (trying to move from profiler). I've attached a configuration and the output. I've got 'statement' selected in event fields and 'sql text' selected in global fields but the output doesn't show the sql statement that has been run and I'm not sure why?  
AOAG Secondary Checkdb - I'm looking into setting up a AOAG with a DR server which will have the option as NO for readable secondary. Under my understanding will mean I will not have to license the DR box. As best practise (Brent Ozar advice) indicates CHECKDB should be performed on all nodes as they reside on different disks. […]
SQL Server 2016 Archive Strategy advice. - Greetings. I’m after some advice. I’m helping a colleague with a SQL Server 2016 database that is getting quite large and they are considering an archive strategy. The database essentially stores data from a number of sensors on machines that are building stuff. Readings are taken every 1, 5 and 10 seconds from a variety […]
Multiple tables created in CDC - Hello Team, I have enabled CDC for a particular database in SqlServer and enabled it for multiple tables. I see duplicate tables have been created for each of the table that I have enabled CDC. Is it by design or have I done anything wrong in configuration. Thanks
2 core machine with 4 Tempdb files - Just curious if there is a performance hit by having 4 tempdb files with a 2 core machine? running SQL 2016 (SP2 CU7 +GDR)  
User datareader access problem - I went to give a user (via AD account) datareader access to a number of databases. Everything seemed alright, her read permissions show up in server level security, and in each of the assigned databases. However she still cannot view them, getting a 'not accessible' message. If I try viewing tables in these databases 'execute […]
SQL Server 2016 - Development and T-SQL
sp_executesql with multiple parameters - I'm trying to write a stored procedure that will select the entire table if all parameters are null, otherwise select the table filtered by the non-null parameters using an AND condition. Here is some skeleton code: DECLARE @ProjectID VARCHAR(100) = 300; DECLARE @ProjectName VARCHAR(100) = 'Some project name'; DECLARE @sql NVARCHAR(4000) = '' SET @sql […]
Administration - SQL Server 2014
Upgrade to SQL Server 2008 R2 SP2 from SQL Server 2005 SP3 - Hello, I noticed that SQL Server 2005 SP3 is not in the supported version to be upgraded to SQL Server 2008 R2 as shown in the link below. Please let me know if there any issues with in place upgrade. thanks iosman
Data source error - Security protocol not supported - Hi Experts, I have a report that fetches data from a cube. I have an issue with a data source which is returning an error "Security protocol not supported". This is only happening in SSRS reporting server after deployment but in visual studio the report is working perfect. I have been working on this without no success. […]
Development - SQL Server 2014
How to copy rows from the same table and update the ID column? - I appreciate it is utterly trivial question, and yet... When you have a small amount of columns, there is a simple solution, sort of INSERT INTO myTable SELECT MAX(table_id) + 1, column2, column3 FROM myTable WHERE table_id IN (SELECT list of table id's to be replicated); alas I have circa 200 columns, so I don't want […]
Reporting Services
ReportServer Database upgrade fails - I've tried several times to successfully  migrate a SQL Server 2008R2 ReportServer and ReportServerTempDB to SQL Server 2017.  Every time it fails and one of the log files says that the database upgrade failed. I install SSRS 2017 but don't configure.  I backup the 2008R2 SSRS databases and the encryption key.  This database is joined […]
SQLServerCentral.com Website Issues
Website search - Does SQLServerCentral have any advanced search features, or can anyone share any tips?  Does everyone just use google with site:sqlservercentral.com?
 

 

©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.