SQLServerCentral - www.sqlservercentral.com

A community of more than 1,600,000 database professionals and growing

The Voice of the DBA

The Combinations of Software

Security issues seem to be appearing more frequently, not less. I'd expect that we would be getting better at writing software, and I think many of us are. The problem is that more and more people are writing software and we still haven't found a way to better train developers early in their careers. Perhaps the one good thing is that more and more developers are using frameworks, which create more consistent software. If issues are discovered, a single patch can fix a large swath of systems.

The bad news is that far too many development groups build systems quickly, but don't patch them in an expedient manner. They may be afraid or just not bother.

A short while ago there was a loss of data from Ticketmaster ticket sales. Apparently a chatbot was used to steal information. As soon as Ticketmaster discovered the issue, they disabled the software. There is some disagreement as to who is at fault here. The chatbot vendor says their JavaScript chatbot should not have been running on a secure payment page.

The specifics here aren't important, but it is a concern that more and more often we are assembling applications from pieces of software. We often use plugins on websites and other building blocks when we put together a system. In more and more cases, we will be connecting this software to our data stores. That wasn't the case here, but often there is some data access, and since we may keep both secure and non-secure data in the same database, any vulnerabilities in one building block can cause security issues in others. The saying about the weakest link in the chain applies here.

I wonder how many of you worry about issues with the assembly of whole pieces of software. The pieces should be more secure, or at least, more easily patched. There should be more incentive and resources to patch software used by many people, though many times vendors become hesitant to do any more than absolutely necessary.

I'm not sure if it's better to build out of pre-written pieces of code, but I do know that security is a shared responsibility and I wish it was more of a priority for all developers. The security of our application can depend on that weakest link.

Steve Jones from SQLServerCentral.com


Featured Contents

 

Segment Data into Deciles

Adam Aspin from SQLServerCentral.com

This short article shows a simple example of how to segment data into deciles More »


 

Power BI Introduction: Working with Parameters in Power BI Desktop —Part 4

Additional Articles from SimpleTalk

Power BI allows you to use parameters to make your reports dynamic. In this article, Robert Sheldon demonstrates how parameters can be used to substitute connection information, query filters, or even calculations within the query. More »


 

Making the database key to DevOps with comprehensive, customizable monitoring

The speed of business today demands that the development and deployment of applications is fast-moving, with frequent yet error-free releases. That’s why the adoption of DevOps is trickling down from Amazon, Facebook, Google and the other usual suspects to every company that relies on technology to drive its communications or sales with users. More »


 

From the SQLServerCentral Blogs - Code I’d Hate To Live Without: T-SQL Tuesday #104

Kenneth Fisher from SQLServerCentral Blogs

It’s TSQL Tuesday again! This time our respected host is Bert Wagner (b/t). Quick aside, if you haven’t seen his... More »


 

From the SQLServerCentral Blogs - Code I Can’t Live Without–T-SQL Tuesday #104

Steve Jones from SQLServerCentral Blogs

Bert Wagner has a good invitation this month, a T-SQL Tuesday question about code, specifically code you can’t live without.... More »

Question of the Day

Today's Question (by Steve Jones):

I run this code, how many columns are returned in the SELECT and is there an error? (select 2)

    CREATE TABLE dbo.PurchaseOrder (PO VARCHAR(100));
    GO
    BEGIN TRANSACTION
    ALTER TABLE dbo.PurchaseOrder ADD CustomerName VARCHAR(100);
    ROLLBACK TRANSACTION;
    GO
    SELECT * FROM dbo.PurchaseOrder AS po;
    GO

This question is worth 1 point.


Yesterday's Question of the Day

Yesterday's Question (by Steve Jones):

I've got this dataframe:

    > battingpergame
       Year    H   HR   SO
    1  2018 8.40 1.14 8.52
    2  2017 8.69 1.26 8.25
    3  2016 8.71 1.16 8.03
    4  2015 8.67 1.01 7.71
    5  2014 8.56 0.86 7.70
    6  2013 8.66 0.96 7.55
    7  2012 8.65 1.02 7.50
    8  2011 8.70 0.94 7.10
    9  2010 8.76 0.95 7.06
    10 2009 8.96 1.04 6.91

I want to create a new dataframe with just the year and home run columns (Year, HR). Which command should I use to get these results?

    > homeruns.by.year
       Year   HR
    1  2018 1.14
    2  2017 1.26
    3  2016 1.16
    4  2015 1.01
    5  2014 0.86
    6  2013 0.96
    7  2012 1.02
    8  2011 0.94
    9  2010 0.95
    10 2009 1.04

Answer: homeruns.by.year <- subset(batting, select = c(Year, HR))

Explanation:

The first choice (homeruns.by.year <- c(battingpergame$Year, battingpergame$HR)) gives a vector, not a data frame. The second also doesn't work.

The third item, using subset(), will get a portion of a dataframe and create a new dataframe.

Ref: Subset - click here


» Discuss this question and answer on the forums

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 : SQL Server 2017 - Development

Need help with the getting a top 1 record with in a table with same ids - I have  a table which have values like this  id date 1  2018-07-16 2  2018-07-18 3  2018-07-19 2  2018-07-19 3  2018-07- 20 1  2018-07-17 1  2018-07-18 I want to...

List event with date range - I have table where an event has a start date and end date. An event might not have a end...


SQL Server 2016 : SQL Server 2016 - Administration

SQL Server Developer edition risks - Hi there,  We're currently reviewing our SQL Server licensing within our non-production environments.  The majority of our production environments run SQL...


SQL Server 2016 : SQL Server 2016 - Development and T-SQL

LEFT JOIN with CASE subquery ? - I am joining several tables together to do get pricing (a column) based on a code value (a column) and a...

Stored Procedure - I am a beginner in Microsoft SQL and I’ve come across this stored procedure at work. I sort of understand...

Query Performance Impact due to FOR XML PATH and Large Data - Hi Experts, i'm running the following query and it takes large amount of time to execute, the source data has  23...

How can convert hex value to decimal in sql server 2012 - How can convert hex value to decimal in sql server 2012

Loading more than 1 billion records from CSV File - Hi Guys Need help. I need to load a very big csv file into SQL Server 2016. The file contains more...


SQL Server 2014 : Development - SQL Server 2014

Converting Excel Formula into TSQL - Hello Dear Friends, I need a help with Converting an Excel Formula below into TSQL Excel Formula:  ==15.42*(1-(125-100)/100) Expected Correct Result: 15.17 I have tried to...

Sorting and Grouping problem - Hi, I have a table:


SQL Server 2012 : SQL 2012 - General

Database query performance is very poor - database performance is getting better after restart the server and slowing down after a while even though i have index...

Recover free space in multi-terabyte db with minimal downtime - We have a multi-terabyte DB that is part of an HA Group, which, due to a lot of archiving now...


SQL Server 2008 : SQL Server 2008 - General

Flat File csv with double quotes - I am running into an issue and I can not figure it out. I have an SSIS package I am working...

SSRS: dataset error, <procedure or function has too many arguments specified > - Hi, all I'm getting this error on Dataset in SSRS while executing report on Preview : <procedure or function has too many...


SQL Server 2008 : T-SQL (SS2K8)

Can I Proper case a UK address string with postcode with a function - Hi All Thanks in advance for any solutions I have been doing some searching and found pattern matching for UK post...


SQL Server 2008 : SQL Server 2008 Administration

weird issue? green arrow disappear - I have been using SQL Server 2008 SP2 for 2 years and didn't face that, today I upgraded to SP4...


Reporting Services : Reporting Services 2008 Development

Find the variance in a group - I have a very simple report grouped by "Payer". There are two rows of data. One for 2017 and the...


SQL Server 2005 : Administering

Cannot find the symmetric key , because it does not exist or you do not have permission on sqlserver 2005 standard edition - Hi guys, We are facing some problems in Sqlserver 2005 standard edition,while opening the symmetric key (certificate decryption) on sa...


SQL Server 7,2000 : T-SQL

Getting SID from Active Directory - SID transformation problems - Hi all, here is the issue: we had an old xp that gets SID from AD, using a domain user name (i.e....


Career : Employers and Employees

Looking for general advice on next phase of career, from SQL Server DBA to... - I'm currently on the horns of a dilemma.  I guess a lot of people have seen the writing on the...

This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com