SQL Server Central
The Voice of the DBA
 

Building CyberSecurity Skills with an Advent Challenge

I've been working on the Advent of Cyber challenge this December. It's more of a walkthrough of some puzzles than it is solving them yourself, but it has given me a brush up on some skills and helped me learn some basics of how people in charge of (or looking to break) security look at the world. Plus it's been a little fun with a silly storyline each day.

The first challenge starts with a chatbot and trying to social engineer answers out of it. This was interesting to me, even though it was likely (hopefully) not a representative example of how AIs would work in most systems. However, it got me to think more about how I pose questions to an AI and how I can grow my prompts. The neat thing about AI is that you don't have to ask the perfect question and then re-ask the same question with more info to get an answer. The AI keeps context in a conversation, which is way more powerful than previous Q&A search systems.

The second day was Python and Jupyter Notebook basics, which were a nice refresher for me on a couple of concepts, but not that interesting. However, the third day introduced some password-cracking tools, the fourth day added other ones, and a few subsequent days showed some software that is devious in how it can be used to penetrate security. Other challenges gave me the chance to brush up on Linux and network skills I hadn't used in a long time.

The SQL Injection module (day 10) is well done, and I might recommend most developers go through that to see why their easy, convenient build-a-sql-string-to-execute code is an incredibly bad idea. It's also why they can't use stored procedures as built-up batch commands. Use the stored procedure objects to execute with named parameters.
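
The contrast drawn in the paragraph above, as an added T-SQL example that is not from the editorial or the Advent of Cyber module: a stored procedure call sent as a concatenated batch, beside the same call made with a named parameter. The table, procedure and input are constructed for illustration, and `GO` is the batch separator used by SSMS and sqlcmd.

```sql
-- Constructed demo objects; every name here is hypothetical.
CREATE TABLE dbo.Customer (
    CustomerID int IDENTITY(1,1) PRIMARY KEY,
    LastName   nvarchar(50) NOT NULL
);
INSERT INTO dbo.Customer (LastName)
VALUES (N'Smith'), (N'O''Brien'), (N'Jones');
GO

-- The body is static SQL, so @LastName is only ever compared as a value.
CREATE PROCEDURE dbo.FindCustomer
    @LastName nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerID, LastName
    FROM dbo.Customer
    WHERE LastName = @LastName;
END;
GO

-- Constructed input: a quote followed by a harmless second statement.
DECLARE @input nvarchar(50) = N'x''; SELECT N''ran as SQL'' AS injected; --';

-- Weak: the call is assembled as text. The quote in @input ends the
-- string literal, and everything after it is parsed as SQL.
DECLARE @batch nvarchar(max) =
    N'EXEC dbo.FindCustomer ''' + @input + N''';';
EXEC (@batch);

-- Corrected: the procedure is invoked with a named parameter, so the
-- same input travels as data and is never parsed.
EXEC dbo.FindCustomer @LastName = @input;

-- Corrected, for callers that must send a batch: the statement text is
-- fixed and the value is bound through sp_executesql's parameter list.
EXEC sys.sp_executesql
    N'EXEC dbo.FindCustomer @LastName = @p;',
    N'@p nvarchar(50)',
    @p = @input;
```

The concatenated form also fails on ordinary data: a legitimate name such as O'Brien unbalances the quotes and raises a syntax error, while both parameterized calls handle it unchanged.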

The idea of using a little plot and story, with a simple challenge to teach some skills is a good one. I've been lucky in my career to be exposed to a lot of different technologies and ways of working with systems. I've set up bridges, routers, and firewalls. I've had to get network links and cables to work and talk with different protocols, including configuring T1 connections. I've built machines, dealt with different types of local and remote storage, and had to program and administer systems at all levels of the OSI model. Does anyone remember that?

This was a fun break from work, doing a module or two every other day, remembering there are a lot of complexities to our systems outside the database, or outside the application software. It's also reminded me of all the different ways that security can be breached.

Take the challenge and learn some new skills. I think many of you will learn something and you might enjoy yourself along the journey.

Steve Jones - SSC Editor


 
  Featured Contents
SQLServerCentral Article

Creating a Hyperscale Database in Azure Using the Azure Portal

Almighty from SQLServerCentral

One of the most effective ways to fully utilize your data is to create an Azure Hyperscale database. The principles of Azure Hyperscale databases have been discussed in this article, including their cost-effectiveness, worldwide accessibility, automatic scaling, and reliable performance.

External Article

What is Microsoft Fabric all about?

Additional Articles from SimpleTalk

In this article, we will introduce Microsoft Fabric and how it relates to Power BI Premium Capacity; we will turn to the mechanics of capacity utilization, and we will briefly look at how to monitor the performance loads of our Fabric resources.

Blog Post

From the SQL Server Central Blogs - How to Test Trace Flag 3625

Patrick Keisler from Everyday SQL

Recently, one of my customers considered enabling Trace Flag 3625 on one of their SQL Servers, but they wanted a way to quickly test its functionality beforehand. For those...

Blog Post

From the SQL Server Central Blogs - Executing One Line in VSCode–#SQLNewBlogger

Steve Jones - SSC Editor from The Voice of the DBA

I wrote about arrays in PowerShell last week, but I realized one of the things I did while experimenting was look up how to run code a line at...

Microsoft Power Platform Up and Running: Learn to Analyze Data, Create Solutions, Automate Processes, and Develop Virtual Agents with Low Code Programming

Site Owners from SQLServerCentral

The book begins with the basics, explaining what low-code and no-code are and showing how to maximize efficiency in creating business applications for one's organization. Next, the book describes the Microsoft Power Platform's foundation, as well as all its components and services. Readers will begin with practical exercises right away, beginning with provisioning a Power Platform environment. Next, the book delves deeper into the Power Platform components such as Power Apps, Power Automate, Power BI, and Power Virtual Agents. Towards the end, the book explains practical exercises for each feature or service where you will gradually build a small business solution for a fictitious organization, Project Wizards, Inc.

 

  Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

The PowerShell Array Removal

I have this code in PowerShell:

$numbers = @(1,2,3,4,5,6,7,8,9,10)

I run this code. How many rows are returned?

$numbers[4]=$null
$numbers


 

 

  Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Parameter Defaults

I have a T-SQL stored procedure that looks like this:

CREATE PROCEDURE dbo.AddTogether
    @a int
  , @b int = 1
AS
BEGIN
    -- Declare a variable to store the result
    DECLARE @result INT;

    -- Add the two parameters and assign to the variable
    SET @result = @a + @b;

    -- Return the result
    SELECT @result;
END;

Where can I query the DMVs to get the parameter defaults? (null for @a, 1 for @b)

Answer: Only from the stored procedure code in sys.modules

Explanation: The default values for parameters are not stored anywhere in the DMVs. These are only in the object code definition, which is easily gotten from sys.sql_modules. Ref:


 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.


SQL Server 2017 - Administration
Arctic Wolf flooding SQL error log - Hello experts, I am not sure if anyone uses Arctic Wolf for a security tool, but we recently implemented it and one thing it does is penetration testing and vulnerability scanning on our SQL Servers. Our IT team has turned this feature on as they want to make sure things are secure, but it […]
SQL Server 2017 - Development
Query - ServerName DatabaseName DatabaseSize(MB) Date Server DBName Size Date A DB 110 6/1/2023 A DB 113 7/1/2023 A DB 118 8/1/2023 A DB 130 9/1/2023 A DB 120 10/1/2023 A DB 140 11/1/2023 A DB 143 12/1/2023 A DB2 1110 6/1/2023 A DB2 1113 7/1/2023 A DB2 1118 8/1/2023 A DB2 1130 9/1/2023 A DB2 1120 […]
SQL Server 2016 - Administration
emergency!!! RecoveryPending how to fix it? - How to fix Recovery Pending State in SQL Server Database,please help
SQL Server 2016 - Development and T-SQL
housekeeping of millions of records on everyday basis - Hello!! We are building our system that will be up and running for 24x7 365 days. the data will be generated in millions each day. Kindly help with the best practices material where in we can implement smooth house keeping processes on each table so as to not to load the tables as well as […]
send csv file or txt file to sftp server - Hello Can someone help me with code to send file to sftp server please: Here is my code: # SQL Server query $Query = "SELECT  name from tblName" $SqlConnection = New-Object System.Data.SqlClient.SqlConnection $SqlConnection.ConnectionString = "Server=CWR-PP02;Database=testdb;Integrated Security=True" $SqlCmd = New-Object System.Data.SqlClient.SqlCommand $SqlCmd.CommandText = $Query $SqlCmd.Connection = $SqlConnection $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $SqlAdapter.SelectCommand = $SqlCmd $DataSet = […]
SQL Server 2019 - Development
Validation of special char and replace for the good one - Hello I need help on how to do this more efficient. I will need to write a store procedure to validate an address which contains special characters Address is like : Street : Las Ñipas 4264 So i need to remove the Ñ and replace it for N I was reading to use collate SQL_Latin1_General_CP1253_CI_AI […]
Query to get the previous row from the row selected - Hi I have payroll detail table in which I have payroll details id and an employee id (foreign key from employee table). My requirement is, when a row is selected for a particular employee, I want to get the value from a the previous row. For example if I have 3 employees and each have […]
How to write to a file from SQL Server running on Docker Container on Linux - So we have a SQL Server database running in a Docker Container on Linux There is a stored procedure which will take in JSON as a parameter and extracts data out into a table called dbo.BCPOutput Now I can run this from SQL Server Management Studio (in SQLCMD mode) :connect 217CAS -U sa -P xxxxxxx […]
SQL Server 2008 - General
Merge Replication SQL 2008 (10.0.6556) - downloads slow and behind - Merge Replication SQL 2008 (10.0.6556) - downloads slow and behind I am working on newly virtualized sql cluster with sql 2008 and merge replication with replication of many tables on a large database (multiple TB data file).  Recently, the merge replication of one of two pubs for it started to appear to only perform uploads […]
SSRS 2012
SSRS Open link in new tab - Hello! I have a report that lists all reports in folders on the report server, if you click on the report name I want it to open a new tab with that report. So I am not sure where I am going wrong. I am building my URL link to other reports on the server […]
Analysis Services
Calculated Time Periods Hierarchy - Please help me understand why I am getting the following error: "A set has been detected that can't contain calculated members." I have Attributes "Dates" and Hierarchies  "Calendar" (YearID/QuarterId/MonthId/dtDate). I've created  Calculated Member a "Current Month" for the parent hierarchy «Dates.Calendar.[all]». CREATE MEMBER CURRENTCUBE.[Dates].[Calendar].[All].[Current Month] AS StrToMember("[Dates].[Calendar].[Month Id].&[" + Format(now(), "yyyyMM") + "]"), VISIBLE = […]
Calculated Time Periods Hierarchy - please help me figure out why I'm getting the following error: I need to create Calculated Member for "yesterday", "current month", "current year", but I keep getting an error message please help me figure out why I'm getting the following error: "A set has been encountered that cannot contain calculated members." I have Attributes […]
SQL Server 2022 - Administration
Moving database servers - IP address change - listeners - Hi, We will be moving our physical database servers to a new location. Prior to the move, new IP address for all the SQL servers will be changed/updated.     Are the IP address listed above for the cluster server? After the servers are moved will I need to change the IP address for the […]
how to install smo in an offline machine - hi,   how do I install smo in a offline machine https://www.nuget.org/packages/Microsoft.SqlServer.SqlManagementObjects#usedby-body-tab Install-Package Microsoft.SqlServer.SqlManagementObjects -Version 170.18.0   PS C:\Users\Administrator> Find-Module -Repository smo WARNING: The file extension 'C:\Packages\nuget.exe' is not valid. The required file extension is '.nupkg'. Version Name Repository Description ------- ---- ---------- ----------- 21.0.17224 SqlServer SMO This module allows SQL Server developers, admin   […]
SQL Server 2022 - Development
Replication for archive server with longer retention period - I want to set up SQL Server transactional replication from a main SQL Server to an archive SQL Server. The archive will contain historical data and have a retention period much longer than the main server. Data will be purged by application code on both the main and archive servers, and the archive will be […]
 

 

©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.