The New Wave of Security Threats
New AI tools are discovering older vulnerabilities in software, as well as new ones. Get ready for a bunch of patches to come out.
2026-05-09
106 reads
Security
Securing Your Databases in 2026: Best Practices for the Evolving Threat Landscape
In 2026, your approach to both applications and databases must be focused on practical and technical real-world operations and use cases rather than just hype.
2026-02-16
Exploiting SQL Server Date Correlation Optimization: How Tampered Backups Enable Cross-Database Data Leaks
This article reveals a critical SQL Server flaw: attackers can weaponize Date Correlation Optimization (DCO) views in restored backups
2026-02-13
No Defaults Passwords Ever
Steve doesn't see a reason why we should have default passwords on systems ever.
2026-01-17
68 reads
Minimally Viable Security
Today Steve talks about the need for a basic level of security in our software.
2026-01-05
76 reads
SQL Server DBaaS Vulnerability: Decrypting System Code & Exfiltrating User Data
Security in cloud environments is both challenging and fascinating, particularly for Database-as-a-Service (DBaaS) offerings like Amazon RDS, GCP CloudSQL and Alibaba ApsaraDB RDS. The cloud vendor acts as the system administrator, managing the operating system, patching, and backups, while the user manages their data and databases.
2025-12-03
2025-10-15
110 reads
The Security of Old Tech
Older technology can introduce security issues, along with performance ones. Keeping your systems somewhat up to date is important for security.
2025-09-12
75 reads
Password Guidance
Passwords are essential and also a problem in many organizations. Guidance has changed over the years and Steve has a few thoughts on what's recommended today.
2025-09-10
137 reads
Zero-Trust Architecture for Cloud-Based AI Systems
Zero-Trust Architecture (ZTA) emerges as a strong security paradigm for cloud-based AI systems, fundamentally operating on the principle of “never trust, always verify.” Unlike conventional security models, ZTA assumes potential compromise exists within the network and requires continuous verification of every access request regardless of origin.
2025-07-09
Blogs
ISACA AI Material/Exam Prep Discount (May 18 – June 30, 2026)
By Brian Kelley
If you are considering any of the ISACA AI certs like the Advanced Artificial...
A Fabric solution can be very cost effective
By ChrisJenkins
Are you currently using Microsoft Fabric or considering migrating to it? If so, there...
Track SQL Server Configuration Changes Using the Error Log
By SQLPals
Track SQL Server Configuration Changes Using the Error Log If you...
Forums
We Are Eating Our Own Seed Corn
Comments posted to this topic are about the item We Are Eating Our Own...
Before Using AI with Business Data, Read This
Artificial intelligence tools are quickly becoming part of daily business operations, from document analysis...
Designing SQL Server ETL Pipelines That Don't Break at Scale
Comments posted to this topic are about the item Designing SQL Server ETL Pipelines...
Question of the Day
Detecting Deadlocks Quickly
In the Database Engine, when a deadlock is detected, what does the detection interval shrink to (in time)?
See possible answers