One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
2009-05-20
3,948 reads
Question: What mechanism allows SQL Server 2008 to commit transactions on the mirror faster than SQL Server 2005? This question was asked on a technical discussion group. My reply follows.
2009-05-19
3,115 reads
OK….so I’m in the middle of a very interesting Effective Dating project…basically we’re dealing with some tables that only store current data, but there is a need for future-dated data as well. Because the base table can’t hold that data...
2009-05-18
3,057 reads
Most of us are tired of this overused, vague term. How many of you have clicked on a 'DBA' job posting only to find that it's not what you do? Or asked for a DBA resume from a recruiter and gotten something other than what you expected? Or...
2009-05-14
1,999 reads
While perusing some of the threads on SQLServerCentral.com one of the questions that hit me was regarding the use of scalar functions in queries. In this particular case, in the column list of a SELECT statement. Did it make sense to encapsulate a routine...
2009-05-12
1,958 reads
As I've mentioned in earlier posts (Part 1, Part 2, Part 3) I've engaged speaking and networking Don Gabor to help me build my skills. I recently had my second coaching session and wanted to share more of what I've learned so far.
2009-05-11
1,479 reads
I've been tech editing an encryption book for SQL Server. It's long overdue, and I think it will be a nice addition to any DBA's library. It also addresses a complicated subject that Books Online has inadequately covered. In fact, they've...
2009-05-08
2,065 reads
If you own a business, I believe that you have a right to make more money than the rest of your employees. You are taking on a risk, and greater risk should result in greater reward, at least that’s how capitalism is supposed to work. But what about management...
2009-05-06
1,969 reads
In my security presentations, another basic I talk about is defense-in-depth. The idea here is to produce multiple layers of protection against a particular attack. For instance, imagine malicious code against your home computer. This is a case where...
2009-05-05
1,971 reads
I've written quite a few posts lately on networking and a very common question is - where's the results? What do I get out of all the effort, and so far my best (if lame) answer is that networking is an investment based on faith that...
2009-04-30
1,511 reads
By Steve Jones
It’s Prime Day. A few of my recommendations, since I want to do some...
With Fabric Mirroring, Microsoft is promoting a nice and appealing story for operational reporting...
If you’ve been watching AI roll through the data community and thinking, “this seems...
Comments posted to this topic are about the item SQL Art, Part 4: Happy...
Hi All I am trying to find 'bad' characters that users might type in....
Comments posted to this topic are about the item Extreme DAX: Take your Power...
I set up a few users on my SQL Server 2022 instance.
CREATE LOGIN User1 WITH PASSWORD = 'Demo12#1' CREATE USER User1 FOR LOGIN User1 GO CREATE LOGIN User2 WITH PASSWORD = 'Demo12#2' CREATE USER User2 FOR LOGIN User2 GO CREATE LOGIN User3 WITH PASSWORD = 'Demo12#3' CREATE USER User3 FOR LOGIN User3 GOI then created a schema that one of them owned. Under this schema, I added a table with some data.
CREATE SCHEMA MySchema AUTHORIZATION User1
GO
CREATE TABLE Myschema.MyTable(myid INT)
GO
INSERT MySchema.MyTable
(
myid
)
VALUES
(1), (2), (3)
GO
SELECT * FROM MySchema.MyTable
GO
I granted rights and verified that User2 could access this table.
GRANT SELECT ON Myschema.MyTable TO User2 GO SETUSER 'USER2' GO SELECT * FROM MySchema.MyTable GOThis worked. Now, I move this schema to a new user.
ALTER AUTHORIZATION ON SCHEMA::Myschema TO User3; GOWhat happens with this code?
SETUSER 'USER2' GO SELECT * FROM MySchema.MyTable GOSee possible answers