SQLServerCentral - www.sqlservercentral.com

A community of more than 1,600,000 database professionals and growing

The Voice of the DBA

The Weakest Link

I noticed another data breach recently. This breach was from PageUp, a firm that helps companies find employees. This means that they have lots of information, potentially PII data, and some of it might be out there. Since they provide job sites for many other companies, you might have used them to apply for a job and not realized it. Certainly if you have used them, you might keep an eye out.

The company notes that no personal information was lost, though encrypted usernames and passwords were disclosed. These were salted values encrypted with bcrypt, which is secure, but all encryption can be broken given time and effort. Some people see bcrypt as secure, but others disagree. However, the strength of bcrypt depends on how the hashing was set up, and I wouldn't depend on this to be foolproof. If you used a password to apply for a job that you use on other sites, change it.

The bigger issue for me is near the end of the BBC piece. A bank notes that a third party supplier had a security issue, so that means they need to check their systems. To me this means one thing.

Their security depends on the security of their business partners.

Depending on the level of access and integration, this might mean that your security is compromised by a link much weaker than the weakest link in your internal environment. Or that your security depends on the weakest human link not only inside your organization, but also within your partners. Despite all the work you've done to increase the security of your systems, you might have other holes out there.

It doesn't appear this breach is as bad as originally thought, but the point is still valid. The more interconnected you are with partners, especially with shared access, the larger your attack surface area. What I take away from this is that I need to ensure a limited API and protected access with minimal privileges for internal systems that are connected to any other networks. Production-level security is important not only for public-facing systems, but also for those that are semi-private with business partner access.

Steve Jones from SQLServerCentral.com



The Voice of the DBA Podcast

Listen to the MP3 Audio (3.0MB) podcast or subscribe to the feed at iTunes and Libsyn.

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music.


Featured Contents

 

Count the Number of Weekend Days between Two Dates

Adam Aspin from SQLServerCentral.com

Handling weekends can be tricky in SQL. This article shows you how to Count the Number of Weekend Days between Two Dates


 

Azure DevOps: Show Me the JSON!

Additional Articles from SimpleTalk

Creating resources in Azure, while not difficult, can be time consuming if you use the manual steps. One way to automate the process is by using JSON templates to save time and enforce standards. In this article, Brian Flynn describes how to create JSON templates for deploying a network with virtual machines.


 

Spoofing Realistic Credit Card Data for your Test Systems using Data Masker

Data protection and privacy regulations, ranging from GDPR to HIPAA to PCI, among many others, put strict compliance requirements on the storage and use of personal and sensitive data in any of your systems. In the event of a data breach, there is no distinction between development, test or production databases. If such data is lost or compromised while it’s being used in any part of your DevOps processes, then the organization can face hefty fines and even criminal prosecution.


 

From the SQLServerCentral Blogs - Azure Runbook Configuration

SQLFlipFlopsDBA from SQLServerCentral Blogs

Hello everybody! Greetings from the very warm state of Texas! One of the most popular questions I get when talking...


 

From the SQLServerCentral Blogs - Exporting Extended Events Session Data to a Table

Matthew McGiffen from SQLServerCentral Blogs

If you’re a long time Profiler user like me then you probably often take the option of saving (or loading)...

Question of the Day

Today's Question (by Steve Jones):

I decide to add a computed column to one of my tables. I use this code:

 ALTER TABLE dbo.OrderDetails ADD LineTotal AS qty * UnitPrice PERSISTED 

I want to index this column. What happens when I run this code?

 CREATE INDEX OrderDetailsIX_LineTotal ON dbo.OrderDetails (LineTotal)


Yesterday's Question of the Day

Yesterday's Question (by Steve Jones):

I write a function in Python that is supposed to split out the names of a SQL Saturday event and return the number. This is contained in a file called sqlsat.py and the function looks like this:

 def getsqlsatnum(event):
     Slices = event.split()
     return(Slices[1].strip('#'))

I want to test this in the REPL, so I open one and type this:

 >>> import sqlsat
 >>> getsqlsatnum("SQLSaturday #1 - Orlando 2007")

I get an error that the name 'getsqlsatnum' is not defined. Why?

Answer: The call to the function needs to be qualified as sqlsat.getsqlsatnum().

Explanation:

When I import all functions in a file, I must qualify the name of the function with the name of the module. If I don't want to do this, I need to use the from..import syntax.

Ref: Modules - click here



Featured Script

Create Database Snapshot Dynamically

Joe McDermott from SQLServerCentral.com

This script generates a snapshot of your database with two variable inputs; database name, and snapshot name appended.

The snapshot will be named @SourceDatabase + '_' + @SnapshotAppend

You can also override the file path using @FilePath.

Use the @Debug variable to print the output first for review.

The script will error if the database or the DATA file path doesn't exist.

Tested on SQL Server 2012


Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 : SQL Server 2017 - Administration

SQL Server Installation via cmd - specifying folder - I am learning to install SQL Server using cmd. This is my command C:\>SQLServer2017-SSEI-Dev.exe /ACTION=install /QS /INSTANCENAME="MSSQLSERVER" /IACCEPTLICENCETERMS=1 /FEATURES=SQLENGINE,SSRS /SQLSYSADMINACCOUNTS="domain\" when specifying...

Checking my knowledge - Forum, I have a database that I am running out of space on the file system drives. It is currently taking...

Service Master Key - Hi Experts, As per my limited knowledge the SMK is created when SQL Service is first started  and all SQL Server...


SQL Server 2017 : SQL Server 2017 - Development

Different behavior between "alter table drop column if exist" (new syntax) and the legacy one "if exists() alter table drop column " : is this a bug? - Hi I have notice something weird with the new syntax with a "drop if exist" It looks like the new syntax fire...

Update failing from CSV if data not in table - First post here guys so sorry if Im in the wrong place for this.  Its been the bain of my...

Row-by-row insert with error handling -- Stored Procedures vs. SSIS - Hello, I have dynamic inserts and update statements that are created based on a select from sys.columns. My inserts and updates...


SQL Server 2016 : SQL Server 2016 - Administration

RedGate's SQL Doc and Extended Properties - I'm working on documenting our SQL data warehouse and am looking at getting RedGate's SQL Doc.  I wanted to get...

SQL 2016 SP2 - CU2 - Security Patch KB293807 - Maintenance Plans Issues - Over the weekend we installed SP2-CU2 and KB293807 on our SQL Server failover cluster.  Now maintenance plans aren't work on...

SQL Server 2016 - Catching Up Since SQL Server 2008R2 - We are moving from SQL 2008R2 to 2016 and needless to say I'm not up to date with the changes...

How much RAM required to server - How much RAM required to server having 15-20 Million records, on which insert and update operations are executed. How to calculate...


SQL Server 2016 : SQL Server 2016 - Development and T-SQL

Returning same line number for each line on Subquery with XML Query - Hello community, I built this stored procedure to create an XML file with a specific structure and using Row_Number () to distinguish...

Multiple Joins - Hi guys, just a general question. I'm writing a query in order to create quite a large report. I have multiple...

SSDT complex circular reference project - Hi All, I have a fairly complex setup with eight databases on a server each referencing each other (about every database...


SQL Server 2014 : Development - SQL Server 2014

Enforce Unique Constraint Across Two Tables - I have an interesting problem.  An application allows users to "Tag" events with a label.  Each user can put a...

Need Help -- Views - SQL Server 2014 Enterprise Edition 64 bit Windows Server 2012 R2 Enterprise Edition 64 bit There are two databases A and B....


SQL Server 2012 : SQL 2012 - General

Unicode Support and Conversion - I have SQL Server 2012 and all my inputs got changed to Unicode. I have a week to change my...


SQL Server 2012 : SQL Server 2012 - T-SQL

check constraint not working - Hi , Below is my code.  Using Check constraint , the aim is to throw an error whenever the insert statement tries to...


SQL Server 2008 : SQL Server Newbies

Prevent duplicates in a table - I am entering 'salaries' information into a sql server table called 'salaries'. Fields are : id (pk,identity),c_id (int),month,year,salary. I use a stored procedure...


Data Warehousing : Integration Services

Insert new records from one database to another using SSIS - I have a table with Table 1 ( taskid bigint , name varchar(200),  tasktype varchar(500)) , what I trying to achieve is every...


SQL Server 2005 : Administering

How to kill Rollback process - Is there any way to kill rollback process. It's running for hours.

This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.