Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
Featured Script
The Voice of the DBA
 

The Security of Old Tech

There has been a lot of news about air traffic problems in the US in 2025. I haven't had any delays due to this, though I've gotten a few messages in my travels that I might want to reschedule. There was an article that some of the technology still used in various facilities is old and needs upgrading. Old as in Windows 95 and floppy disks.

That's old, but obviously it still works. Even with the various accounts of problems, almost every day thousands of flights are managed successfully by the people who run these systems. They're not alone, as the article also points out that some other transit systems make do with technology that most of us would never think of using for any system.

In early 2024, Microsoft was attacked by Midnight Blizzard, a nation-state threat actor that successfully infiltrated a test system and gained access to many other systems inside the Microsoft network. The initial attack was via a password spray attack (guessing multiple passwords), targeting an admin account on a test system that lacked MFA and robust monitoring.

The trouble with air traffic controllers and the Microsoft attack are two disparate events, but they both highlight that there is a lot of older technology in use, even in places like Microsoft, a supposedly cutting-edge company. I'm sure many of you have some older systems inside your organization, hopefully not running Windows 95 or SQL Server 2000, but I routinely run into SQL Server 2008 inside customers.

There have been a lot of changes since the year 2000 with regards to security inside of computer systems. Many software packages have upgraded their security features and configuration in the last 20-plus years to become more robust. These days it seems that most of the software I use requires some sort of authentication besides a password, with lockouts and limits to prevent hackers from easily accessing systems.

This isn't to say that newer technology is fool-proof, but it is more difficult for most hackers, especially the script-kiddies who copy exploit code from others, to break in. A lot of attacks can be prevented by simple changes that limit the ability of malicious users from experimenting over and over with your systems, looking for vulnerabilities.

However, quite a few of those security changes require newer versions. Older technology often works and works well. We feel comfortable with it, and if it's not broken, why fix (or change) it?

I expect a database server to run for 10 years, as it can be hard to find time to constantly upgrade instances. That being said, a ten year old system would be one running SQL Server 2016. Anything older should already be upgraded, with plans to move your 2016 servers to something newer in the next year.

Take advantage of newer technology where you can, and ensure you are patched against known vulnerabilities. If you can't upgrade, then you should secure those systems as tightly as you can, ensure no accounts on them are privileged on other systems, and monitor them constantly for potential issues. Otherwise, I'm not sure you're doing a professional job of managing those servers.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

 
 Featured Contents
SQLServerCentral Article

Revisiting SQL Server Window Functions- A Practical Walkthrough

Chandan Shukla from SQLServerCentral

A look at window functions in SQL and how they can be used to query data without the restrictions of a GROUP BY.

External Article

How to Increase SQL Server Column Width Without IO (Input/Output) Overhead

Additional Articles from SimpleTalk

This article dives into a fun (and interesting!) strategy for widening fixed-width columns in SQL Server, to reduce downtime, risk, and runtime at the time when a column’s data type needs to be changed.

Blog Post

From the SQL Server Central Blogs - AI and Cybersecurity: the Genie is Out of the Bottle

K. Brian Kelley from Databases – Infrastructure – Security

Today's reality is that cybercriminals are increasingly using AI to develop better attacks. This is just the latest reported technique, probably because it's starting to be used more often....

From the SQL Server Central Blogs - The Strategic Imperative of SQL Performance Tuning in Azure

Chris Yates from The SQL Professor

Aligning Technical Excellence with Organizational Agility Tuning SQL performance in Azure transcends routine database management and becomes a strategic imperative when viewed through an executive lens. Slow database operations...

Admin Azure SQL Solutions

Exam Ref DP-300 Administering Microsoft Azure SQL Solutions

Site Owners from SQLServerCentral

Directfrom Microsoft, this Exam Ref is the official study guide for the new MicrosoftDP-300 Administering Microsoft Azure SQL Solutions certification exam.

 

 Question of the Day

Today's question (by dbakevlar):

 

Tables with a SPARSE Column and Consumption

True or False:  Tables with a SPARSE column consume more space than regular columns if most values are NOT NULL.

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Alessandro Mortola)

Using table variables in T-SQL

What happens if you run the following code in SQL Server 2022+?

declare @t1 table (id int);

insert into @t1 (id) values (NULL), (1), (2), (3);

select count(*)
from @t1
where @t1.id is distinct from NULL;

 

Answer: You get the following error: "Msg 137 - Must declare the scalar variable "@t1""

Explanation: Outside the FROM clause, table variables must be referenced by using an alias, as explained in the official documentation. So, the correct code for the query is the following:

select count(*)
from @t1 t
where t.id is distinct from NULL;

It actually works also using square brackets or double quotes as shown below:

select count(*)
from @t1 
where [@t1].id is distinct from NULL;

select count(*)
from @t1 
where "@t1".id is distinct from NULL;

 

Discuss this question and answer on the forums

 

Featured Script

Database File Growth Report Script

Deepam Ghosh from SQLServerCentral

A T-SQL script to track and monitor the growth of your SQL Server Databases.

USE [DBUtility]
--Step 1: Table to store database files size on daily basis
CREATE TABLE [DBUtility].[dbo].[tbl_DatabaseFileSpace](
[InstanceName] [nvarchar](50) NULL,
[DatabaseName] [nvarchar](50) NULL,
[FileName] [nvarchar](50) NULL,
[FileType] [nvarchar](20) NULL,
[TotalSizeMB] [decimal](10, 2) NULL,
[FreeSpaceMB] [decimal](10, 2) NULL,
[PercentFreeSpace] [decimal](10, 2) NULL,
[AutoGrowthMB] [decimal](10, 2) NULL,
[MaxSizeMB] [nvarchar](50) NULL,
[DataUpdatedOn] [datetime] NULL
) ON [PRIMARY]
GO

--Step 2: Stored Procedure to collect database files size on daily basis
CREATE OR ALTER PROCEDURE [dbo].[sp_CollectDBFileSize]
AS
BEGIN

DECLARE @db NVARCHAR(50)
DECLARE @sql NVARCHAR(max)

DECLARE dbsize CURSOR
FOR SELECT NAME from sys.databases WHERE NAME NOT IN('master','model','msdb','tempdb') and state = 0

OPEN dbsize
FETCH NEXT FROM dbsize INTO @db

WHILE @@FETCH_STATUS = 0
BEGIN
SET @sql = 'use ' + @db + '
SELECT CONVERT(NVARCHAR,SERVERPROPERTY(''servername'')), DB_NAME() AS DbName, name AS FileName,type_desc AS FileType,
cast(size/128.0 as decimal(10,2)) AS TotalSizeMB,
cast((size/128.0 - CAST(FILEPROPERTY(name, ''SpaceUsed'') AS INT)/128.0) as decimal(10,2)) AS FreeSpaceMB,
cast((cast((size/128.0 - CAST(FILEPROPERTY(name, ''SpaceUsed'') AS INT)/128.0) as decimal(10,2))/ cast(size/128.0 as decimal(10,2))) *100 as decimal(10,2))
as PercentFreeSpace,
cast(growth/128.0 as decimal(10,1)) as AutoGrowthMB,
case
when max_size = -1 then ''Unlimited''
else cast(cast(max_size/128.0 as decimal(10,2)) as varchar)
end as [MaximumSizeMB]
FROM sys.database_files'
--print @sql
INSERT INTO [DBUtility].[dbo].[tbl_DatabaseFileSpace]([InstanceName],[DatabaseName],[FileName],[FileType],[TotalSizeMB],[FreeSpaceMB],[PercentFreeSpace],[AutoGrowthMB],
[MaxSizeMB]) exec sp_executesql @sql
FETCH NEXT FROM dbsize INTO @db
END
CLOSE dbsize
DEALLOCATE dbsize

END
GO

--Step 3: Stored Procedure to send email to the concerned stakeholder
CREATE OR ALTER PROCEDURE [dbo].[sp_DBFileSizeTracker]
@InstanceName SYSNAME, -- SQL Instance
@EmailRecipients NVARCHAR(255), -- DBA Team's email id
@DBProfileName NVARCHAR(20) -- SQL Instance Database mail profile
AS

IF OBJECT_ID('tempdb..#MonthlyFileSizeHistory') IS NOT NULL
DROP TABLE #MonthlyFileSizeHistory;

CREATE TABLE #MonthlyFileSizeHistory (
InstanceName SYSNAME,
DatabaseName SYSNAME,
FileName NVARCHAR(128),
FileType NVARCHAR(128),
FirstMonth NVARCHAR(128),
FirstMonthSize DECIMAL(18, 2),-- Max file size in GB
ThirdMonth NVARCHAR(128),
ThirdMonthSize DECIMAL(18,2),
PercentageChange DECIMAL(18, 2) -- Percentage change
);

-- CTE to calculate max file size per month
WITH MonthlyMax AS (
SELECT
InstanceName,
DatabaseName,
FileName,
CASE
WHEN FileType = 'ROWS' THEN 'Data'
WHEN FileType = 'LOG' THEN 'Log'
-- ELSE NULL
END AS FileType,
FORMAT(DataUpdatedOn, 'yyyy-MM') AS Month,
CONVERT(DECIMAL(10, 2), MAX(totalsizemb / 1024.0)) AS MaxFileSize -- Convert MB to GB
FROM [DBUtility].[dbo].[tbl_DatabaseFileSpace]
WHERE InstanceName = @InstanceName --AND FileType = @FileType
AND DataUpdatedOn >= DATEADD(MONTH, -2, GETDATE())
GROUP BY InstanceName, DatabaseName, FileName, FileType, FORMAT(DataUpdatedOn, 'yyyy-MM')
),
FirstAndThird AS (
SELECT
InstanceName,
DatabaseName,
FileName,
FileType,
Month,
MaxFileSize,
ROW_NUMBER() OVER (PARTITION BY DatabaseName, FileName ORDER BY Month) AS RowNum
FROM MonthlyMax
)

INSERT INTO #MonthlyFileSizeHistory
SELECT
F1.InstanceName,
F1.DatabaseName,
F1.FileName,
F1.FileType,
F1.Month AS FirstMonth,
F1.MaxFileSize AS FirstMonthSize,
F3.Month AS ThirdMonth,
F3.MaxFileSize AS ThirdMonthSize,
CONVERT(DECIMAL(10, 2), ((F3.MaxFileSize - F1.MaxFileSize) * 100.0) / F1.MaxFileSize) AS PercentageChange
FROM FirstAndThird F1
JOIN FirstAndThird F3 ON
F1.DatabaseName = F3.DatabaseName
AND F1.FileName = F3.FileName
AND F1.RowNum = 1 -- First month
AND F3.RowNum = 3 -- Third month
ORDER BY F1.DatabaseName, F1.FileName;

DECLARE @EmailBody NVARCHAR(MAX);
DECLARE @EmailSubject NVARCHAR(255) = 'Database File Growth Report from last 3 Months for ' + @InstanceName;

-- Generate HTML table with the report
SET @EmailBody =
'


Hi DBA Team,

Below is the Database File Growth Report of ' + @InstanceName + ' Production Server Databases from the last 3 months with more than 10% Change Rate :

';DECLARE @Row NVARCHAR(MAX);
SET @Row = '';SELECT @Row +=
''
FROM #MonthlyFileSizeHistory
WHERE FileName IN (SELECT FileName from #MonthlyFileSizeHistory where PercentageChange > 10.0)
ORDER BY DatabaseName, FileName--, Month;-- Close the HTML table
SET @EmailBody = @EmailBody + @Row + '
SQL Server NameDatabase NameFile NameFile TypeFirst MonthFirst Month Size (GB)Third MonthThird Month Size (GB)Percent Change
' + InstanceName + '' + DatabaseName + '' + FileName + '' + ISNULL(FileType,'N/A') + '' + FirstMonth + '' + CONVERT(NVARCHAR(50), FirstMonthSize) + '' + ThirdMonth + '' + CONVERT(NVARCHAR(50), ThirdMonthSize) + '' + ISNULL(CONVERT(NVARCHAR(50), PercentageChange), 'N/A') + '

 

';

IF((SELECT COUNT(*) FROM #MonthlyFileSizeHistory WHERE FileName IN (SELECT FileName from #MonthlyFileSizeHistory where PercentageChange > 10.0)) > 0)
BEGIN
EXEC msdb.dbo.sp_send_dbmail
@profile_name = @DBProfileName,
@recipients = @EmailRecipients,
@subject = @EmailSubject,
@body = @EmailBody,
@body_format = 'HTML';
END

DROP TABLE #MonthlyFileSizeHistory;

More »

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.
SQL 2012 - General
SQL Server authentication vs. Trusted connection - I maintain an application written years ago, where the database is on a Windows 2012 R2 Server and the database is SQL Server 2012. The people who configured this application made it so that it used SQL Server Authentication. I've always taken it to be the case that SQL Authentication was the only way of […]
SQL Azure - Development
How to resolve issue of custom Audit log table containing incorrect data? - We have created a parent table, child table & Audit log table in SQL Server database. For one parent record, there are multiple child records. When a child record in updated, a Stored Procedure is called in which a few fields of all the child records are updated that are associated with the parent record. […]
SSRS 2016
ssrs subscription file share - I am trying to create a subscription that posts to a one drive directory.  I reset my password through microsoft and then copied that password when setting up the file share subscription.  When the subscription executes I get 'a logon error occurred when attempting to access the file share.  the user account or password is […]
SSDT
Visual Studio SSIS Package Showing Up Blank - Hi all, this is my first time posting on this forum, thank you all very much in advance. I have a .dtsx package open in Visual Studio, and one of the Script Tasks are erroring with "The binary code for the script is not found. Please open the script in the designer by clicking Edit […]
Snowflake, DataBricks, Redshift, and other cloud warehouse platforms
just finished a deep dive into snowflake - Hi, i know this is a sql forum but snowflake purports to interface with everything so i was hoping to get an opinion from some of the pundits in this forum. Does anyone in this community have an opinion either way of the snowflake product? One of the biggest areas of confusion is that they […]
Editorials
Concerns over AI Chat Privacy - Comments posted to this topic are about the item Concerns over AI Chat Privacy
Data Sovereignty in the Cloud - Comments posted to this topic are about the item Data Sovereignty in the Cloud
MySQL
MySQL 5.6 not writing any logs - We are using MySQL version 5.6 in our Windows Server 2012 R2 environment. We have enabled the error, general & slow logging in the config file, but the logs are not being written even in case of errors. The below is a snippet from the ‘my.ini’ file:     # Commented lines aren’t included [mysqld] […]
Article Discussions by Author
Database File Growth Report Script - Comments posted to this topic are about the item Database File Growth Report Script
The Duplicate Cursor - Comments posted to this topic are about the item The Duplicate Cursor
Introduction of Azure SQL Hyperscale: Stairway to Azure SQL Hyperscale Level 1 - Comments posted to this topic are about the item Introduction of Azure SQL Hyperscale: Stairway to Azure SQL Hyperscale Level 1
What is Delayed Durability in SQL Server — And Should You Turn It On? - Comments posted to this topic are about the item What is Delayed Durability in SQL Server — And Should You Turn It On?
Which MAXDOP? - Comments posted to this topic are about the item Which MAXDOP?
SQL Server 2022 - Administration
SSL certificate to connect Google Looker Studio to on-prem SQL Server - We have been asked to connect Google's Looker Studio to an on-prem instance of SQL Server 2022. Our instance has "Force Encryption" enabled, and uses a private domain CA certificate. In the connection string dialog for Looker Studio, there is an "Enable SSL" checkbox and an option to upload a Microsoft SQL Server SSL Configuration […]
SQL Server 2022 - Development
where did my topic on a new ssms 21 bug go - Hi should i repost my latest ssms 21 bug, the one in which sql agent now doesnt show property details on steps in the gui but does show them when the job is scripted?   It disappeared a couple of hrs ago because it was under eval.
 
This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
RSS Feed Twitter
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -