Minimally Viable Security
Today Steve talks about the need for a basic level of security in our software.
2026-01-05
67 reads
Security
SQL Server DBaaS Vulnerability: Decrypting System Code & Exfiltrating User Data
Security in cloud environments is both challenging and fascinating, particularly for Database-as-a-Service (DBaaS) offerings like Amazon RDS, GCP CloudSQL and Alibaba ApsaraDB RDS. The cloud vendor acts as the system administrator, managing the operating system, patching, and backups, while the user manages their data and databases.
2025-12-03
2025-10-15
107 reads
The Security of Old Tech
Older technology can introduce security issues, along with performance ones. Keeping your systems somewhat up to date is important for security.
2025-09-12
69 reads
Password Guidance
Passwords are essential and also a problem in many organizations. Guidance has changed over the years and Steve has a few thoughts on what's recommended today.
2025-09-10
131 reads
Zero-Trust Architecture for Cloud-Based AI Systems
Zero-Trust Architecture (ZTA) emerges as a strong security paradigm for cloud-based AI systems, fundamentally operating on the principle of “never trust, always verify.” Unlike conventional security models, ZTA assumes potential compromise exists within the network and requires continuous verification of every access request regardless of origin.
2025-07-09
Cloning Master Admin User Permissions in Amazon RDS for SQL Server with Fine-Grained Control
This article explores how to securely clone the master user permissions in Amazon RDS for SQL Server using a custom stored procedure, usp_rds_clone_login. It outlines a step-by-step process to generate, review, and apply a script that replicates server- and database-level access from the master user to a new login without directly exposing elevated credentials. The guide emphasizes the principle of least privilege, supports named account management, and enables transparent, auditable permission handling for DBAs and applications. Designed for secure and scalable environments, this solution enhances operational security while maintaining administrative flexibility in Amazon RDS.
2025-07-09
639 reads
Are Data Breaches Inevitable?
Steve examines the idea that we might all have a data breach at some point.
2025-05-16
87 reads
More Supply Chain Attacks
Code is vulnerable to supply chain attacks, which aren't something many of us think about.
2025-03-21
106 reads
Lower Your Attack Surface Area
We all know security is important, but we sometimes make the job harder when we don't handle data appropriately.
2025-03-19
165 reads
Blogs
Runing tSQLt Tests with Claude
By Ed Elliott
Running tSQLt unit tests is great from Visual Studio but my development workflow...
Getting Your Data GenAI-Ready: The Next Stage of Data Maturity
By James Serra
I remember a meeting where a client’s CEO leaned in and asked me, “So,...
Learn Better: Pause to Review More
By Brian Kelley
If you want to learn better, pause more in your learning to intentionally review.
Forums
Execute Process Task: Issues encrypting text file using PGP in SSIS 2022
Hello SSC, Has anyone encountered this before??? I have an odd issue that I...
Azure SQL DBA certification
Hello team Can anyone share popular azure SQL DBA certification exam code? and your...
Faster Data Engineering with Python Notebooks: The Fabric Modern Data Platform
Comments posted to this topic are about the item Faster Data Engineering with Python...
Question of the Day
Which Result II
I have this code in SQL Server 2022:
CREATE SCHEMA etl;
GO
CREATE TABLE etl.product
(
ProductID INT,
ProductName VARCHAR(100)
);
GO
INSERT etl.product
VALUES
(2, 'Bee AI Wearable');
GO
CREATE TABLE dbo.product
(
ProductID INT,
ProductName VARCHAR(100)
);
GO
INSERT dbo.product
VALUES
(1, 'Spiral College-ruled Notebook');
GO
CREATE OR ALTER PROCEDURE etl.GettheProduct
AS
BEGIN
exec('SELECT ProductName FROM product;')
END;
GO
exec etl.GettheProduct
When I execute this code as a user whose default schema is dbo and has rights to the tables and proc, what is returned? See possible answers