Some of these cool new features include some new DMVs, the AlwaysOn feature, and columnstore indexes.
But did you know that there are some new recommended best practices?
Today, I want to share with you a new best practice that involves table naming schemes.
With the release of SQL 2012, it is now advised that tables be named in such a manner that the name is obfuscated. The reason for this is to slow down any would-be attacker from quickly finding which table holds the most sensitive data. Currently it is not too far-fetched for an attacker to look in a database and figure out where the orders or customer confidential information may be placed. After all, it is fairly common to name those tables in such a manner that the name describes the data.
Now though, the best practice is pushing in a new direction. And no longer is it even a good idea to use legible words. The drive is for full obfuscation of the table name. In an effort to demonstrate, here is a quick script that will create several tables that are obfuscated in name.
IF NOT EXISTS (SELECT 1 FROM sys.databases WHERE name = 'Fun')
BEGIN
    CREATE DATABASE Fun
END;
GO
USE Fun;
GO
SET NOCOUNT ON;
GO
DECLARE @rocket CHAR(100)
DECLARE @boost TINYINT
DECLARE @tiers TINYINT
DECLARE @maxtiers TINYINT
DECLARE @SQL VARCHAR(MAX)
DECLARE @overall TABLE (rocket VARCHAR(MAX));
DECLARE @somevar VARCHAR(MAX)
    ,@someint INT = 0

-- @rocket is CHAR(100), so the value is padded with spaces to 100 characters
SELECT @rocket = ' ', @tiers = 1, @boost = 1, @maxtiers = 4
PRINT @rocket
INSERT INTO @overall (rocket) VALUES (@rocket);

WHILE @tiers < @maxtiers
BEGIN
    SELECT @boost = POWER(@tiers,2)
    WHILE @boost < 12*@tiers
    BEGIN
        -- Overwrite the middle of the padded string with a centered run of asterisks
        SET @rocket = STUFF(@rocket, (DATALENGTH(@rocket)/2)-(@boost/2), @boost,REPLICATE('*', @boost))
        UPDATE @overall SET rocket = rocket +CHAR(10) + @rocket
        -- Build the CREATE TABLE statement for this row of the picture and print it
        SET @SQL = 'Create Table ['+ @rocket + '_'+ CONVERT(VARCHAR,@someint) +'] (someint int);'
        PRINT @SQL
        SET @boost = @boost+2
        SET @someint = @someint + 1
    END
    SET @tiers = @tiers+1
END

SELECT @somevar = rocket FROM @overall
PRINT 'The following Tables have been created:' +CHAR(10)+CHAR(13)
PRINT @somevar
I like this new standard. Now, I will just design images into my tables that describe the database in whole. As you can see, this particular database would be useful for maybe a space case or maybe a hobbyist with a high enthusiasm for rockets. Or maybe it just works really well for any demo involved with the SQL 2012 Launch. Other than a neat little picture, the tables are completely obfuscated.
Keep best practices in mind whenever designing a database. Maintaining best practices can help protect the data you were hired to manage and protect. In addition to that, make sure you forget every other word of this post. It is complete and utter hogwash. Happy April Fools.