The New Wave of Security Threats
New AI tools are discovering older vulnerabilities in software, as well as new ones. Get ready for a bunch of patches to come out.
2026-05-09
136 reads
Security
Securing Your Databases in 2026: Best Practices for the Evolving Threat Landscape
In 2026, your approach to both applications and databases must be focused on practical and technical real-world operations and use cases rather than just hype.
2026-02-16
Exploiting SQL Server Date Correlation Optimization: How Tampered Backups Enable Cross-Database Data Leaks
This article reveals a critical SQL Server flaw: attackers can weaponize Date Correlation Optimization (DCO) views in restored backups
2026-02-13
No Defaults Passwords Ever
Steve doesn't see a reason why we should have default passwords on systems ever.
2026-01-17
69 reads
Minimally Viable Security
Today Steve talks about the need for a basic level of security in our software.
2026-01-05
78 reads
SQL Server DBaaS Vulnerability: Decrypting System Code & Exfiltrating User Data
Security in cloud environments is both challenging and fascinating, particularly for Database-as-a-Service (DBaaS) offerings like Amazon RDS, GCP CloudSQL and Alibaba ApsaraDB RDS. The cloud vendor acts as the system administrator, managing the operating system, patching, and backups, while the user manages their data and databases.
2025-12-03
2025-10-15
110 reads
The Security of Old Tech
Older technology can introduce security issues, along with performance ones. Keeping your systems somewhat up to date is important for security.
2025-09-12
78 reads
Password Guidance
Passwords are essential and also a problem in many organizations. Guidance has changed over the years and Steve has a few thoughts on what's recommended today.
2025-09-10
137 reads
Zero-Trust Architecture for Cloud-Based AI Systems
Zero-Trust Architecture (ZTA) emerges as a strong security paradigm for cloud-based AI systems, fundamentally operating on the principle of “never trust, always verify.” Unlike conventional security models, ZTA assumes potential compromise exists within the network and requires continuous verification of every access request regardless of origin.
2025-07-09
Blogs
Automatic Index Compaction
By ReviewMyDB
Index maintenance has always meant nightly jobs and a window you have to defend....
Monday Monitor Tips: Virtual Machine Usage and Cost
By Steve Jones
One of the things I’ve been requesting for a number of years is cost...
Advice I Like: Respect
By Steve Jones
“Don’t aim to have others like you; aim to have them respect you.” –...
Forums
SQL Art, Part 4: Happy 4th of July — A British DBA's Guide to Celebrating a War We Don't Talk About
Comments posted to this topic are about the item SQL Art, Part 4: Happy...
SQL Server Still Wins
Comments posted to this topic are about the item SQL Server Still Wins
DBCC CHECKDB Limits I
Comments posted to this topic are about the item DBCC CHECKDB Limits I
Question of the Day
DBCC CHECKDB Limits I
When running DBCC CHECKDB on SQL Server 2025, can I include the Resource Database?
See possible answers