Can't See The Forest For the Logins

  • I'm a developer new to playing this quiz game. It's been educational but this one is a bit frustrating. The question was, "does the login get created?" To extend the answer to the question by extending the answer choices to include an additional conditional question seems to be a bit of a cheat. The question should have been "Which of the following statements is true..." if the intent of the quiz was to identify success/failure of login creation and to understand the check_policy attributes of the create login statement.

  • Tricky one.

    But answer should be raleatd to either Login created or fail. we can not have both. like falied, but if created policy would ignore.

  • I too failed to make the "hardened"-> no AdventureWorks2012 connection and chose 1 and 2.

    The correct answers are fine, though. A conditional statement can be true even if its antecedent is false

    For example, there's no contradiction in "I'm not a millionaire. If I were a millionaire, I'd have more money than I do now." Alas, both are very true in my case. 🙂

    Nice question! It'll definitely make me more careful about QotD in the future.

  • Good question. Thanks Andy.

  • Nice question, thanks.

    Need an answer? No, you need a question
    My blog at https://sqlkover.com.
    MCSE Business Intelligence - Microsoft Data Platform MVP

  • Avi1 (3/28/2014)


    Tricky one.

    But answer should be raleatd to either Login created or fail. we can not have both. like falied, but if created policy would ignore.

    +1

    Thanks & Best Regards,
    Hany Helmy
    SQL Server Database Consultant

  • From the answer: "hardened production instance - no Adventureworks2012 or other sample databases".

    hmmm, good one this!

    Thanks & Best Regards,
    Hany Helmy
    SQL Server Database Consultant

  • My view (yours may vary) is to always use master as the default and always make developers specify the database in their connection strings.

    Yes, my view varies.

    I prefer to set tempdb as the default database - for all users, but especially for myself.

    I have lost track of the number of times I have started creating new objects without remembering to check what database I am in. Now, at least, they are created in a scratch area, and they will automatically be cleaned up the next time we cycle the server (or I restart my laptop, when it's personal work).


    Hugo Kornelis, SQL Server/Data Platform MVP (2006-2016)
    Visit my SQL Server blog: https://sqlserverfast.com/blog/
    SQL Server Execution Plan Reference: https://sqlserverfast.com/epr/

  • Seems a bit cruel (my first instinct was to use a more colloquial term) to start by characterizing such a tricky question as "an easy one for you". In hindsight I suppose it was intended sarcastically, but it's impossible to read it as such initially. Perhaps a wink 😉 or something like that would have made that a bit more obvious, and not left me feeling belittled for getting it wrong. 😉

  • One right, one wrong.... thanks for the question.

    Hope this helps...

    Ford Fairlane
    Rock and Roll Detective

  • Raghavendra Mudugal (3/28/2014)


    (glad to be part of that 5%...)

    Glad to be part of the 17% 🙂

    Thanks & Best Regards,
    Hany Helmy
    SQL Server Database Consultant

  • paul.knibbs (3/28/2014)


    I read the word "hardened" and still got it wrong, probably because "hardened" is such a nebulous term--I had no idea what it meant with relation to SQL server. (Is there actually any reason why you COULDN'T include a sample database like AdventureWorks on a "hardened" server? I don't see that it increases the attack surface notably).

    That's where I went too.

    To provide experience for people working at production sites without access to a playpen machine back at the development centre it's possible that the only place something like adventureworks can usefully be put is on the production machine - if they don't have something to gain experience on as new releases of SQL Server are rolled out they won't be able to do much about dealing with problem, they'll end up referring everythiing back to development. Obviously it's nice if one can avoid it, because it is an increase in the attack surface (an extremely small one, of course) but then putting two different production databases on the same server is just as bad and people do that all the time.

    In fact I think this is a question that can fairly be described as "a trick question".

    Even worse, it's easy to make a case that it's a question designed to give points to the incompetent or the careless; after all, it says "You run the following script", not "A junior DBA runs the following script". To get the right answer requires the answerer to assume that he/she runs, on a hardened production machine, a script which is certaionly inappropriate for that machine, and someone who is neither incompetent nor carless and has had enough experience that checking such things has become second nature is extremely unlikely to make that assumption.

    Tom

  • Hugo Kornelis (3/31/2014)


    My view (yours may vary) is to always use master as the default and always make developers specify the database in their connection strings.

    Yes, my view varies.

    I prefer to set tempdb as the default database - for all users, but especially for myself.

    I'm with Hugo on this one. But on my toy machine I default to my playpen database - because I once hit the downside of a tempdb default when it was a nuisance. The stuff I lost wasnt really lost because I'd saved scripts to generate the objects and the data, but it cost elapsed time because my laptop at the time was pretty slow.

    So default to tempdb or to a database created specifically for the purpose; but if you do the latter you take the pain of having to clean up all the junk.

    Tom

  • lyn.buchanan (3/28/2014)


    Why would you point users to the master database = only administrators should be able to access that database.

    What a nonsence!

    Everybody has access to master database by default.

    If the default database doesn't exist or is unavailable you will fail to login.

    What will happen if you are working with two different applications and its databases are on the same server?

    Lets say your default database is the db from app1

    Now it crashes. What will happen when you start app2?

    Microsoft Certified Master: SQL Server 2008
    MVP - Data Platform (2013 - ...)
    my blog: http://www.sqlmaster.de (german only!)

  • Where does this definition called "hardened" come from ? Is it an Installation Option ? Is it a setting somewhere ? Is it just local knowledge ?

    I don't think that this was a good question.

    David

Viewing 15 posts - 16 through 30 (of 30 total)

You must be logged in to reply to this topic. Login to reply