SQLServerCentral - www.sqlservercentral.com

A community of more than 1,600,000 database professionals and growing


The Voice of the DBA

Default Security

If anyone sets up a new desktop machine, a new SQL Server instance, a new Elasticsearch instance, or any other platform, you need to ensure there is default security. That was a problem recently with a financial company that had a default Elasticsearch instance up with no authentication required. When I look at the install directions, security isn't mentioned. There is a secure settings page, but that's not authentication. It's not until you look way down the setup instruction list that you find configuring security. Even then this mentions "you can password-protect your data", which isn't a good option to have.

This should be built in with a "you must" protect your data. SQL Server used to allow a blank password, but there was plenty of outcry about this and setup changed to either require Windows Auth only, which inherently has some secure settings for accounts, or mixed security where a password must be entered for the only default account. That's how many software programs work these days, and really how all should work.

I'm still amazed by people that don't put a password (code, fingerprint, etc.) on a mobile phone. I'm surprised that we have any data store platform that doesn't require some security. As much as I find Google Drive sometimes a pain, I am glad that I can't put files in there and open them to the general public. At least, I haven't figured out how to do this. I constantly need to add specific people to access files.

All data files/software/stores/platforms/etc. need to be secured. Containers, buckets, any file shares should be limited in some way. Any platform ought to require user accounts and not allow access to all data by default. Really, privileged accounts ought to separate configuration and security from data access. I'd like to see "sa" allowed to work the instance and create databases and move files, but not allowed to access data.

We need better default security, and more importantly, we need to believe that we need better default security. That's for all data, including backups, search services, and anything else that can access a database. Leaving data open to anyone that might stumble upon the URL is a mistake that has no excuse these days.

Steve Jones from SQLServerCentral.com



The Voice of the DBA Podcast

Listen to the MP3 Audio (4.5MB) podcast or subscribe to the feed at iTunes and Libsyn.

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music.


Featured Contents

 

Stairway to MDX - Level 14: Basic Set Functions: The Head() Function

Bill Pearson from SQLServerCentral.com

SSAS Maestro, SQL Server MVP and Business Intelligence Architect Bill Pearson introduces the MDX Head() function, which allows us to return, in order, a specified number of elements within a set.


 

Free eBook: Understanding SQL Server Concurrency

Press Release from Redgate

When you can’t get to your data because another application has it locked, a thorough knowledge of SQL Server concurrency will give you the confidence to decide what to do.


 

On Quickly Investigating a SQL Monitor Custom Security Alert

Phil Factor offers a clever way to report on an intrusion, with a query that shows a full ‘narrative’ description of all the changes that have been detected by SQL Monitor. Using the results, the DBA can very quickly investigate the sequence of unusual events.


 

Azure Data Lake Analytics using U-SQL Queries

Additional Articles from MSSQLTips.com

This article will help with gaining confidence and familiarity with Microsoft Azure's Data Lake Analytics offering to process large datasets quickly while demonstrating the potential and capabilities of U-SQL to aggregate and process big data files.


 

From the SQLServerCentral Blogs - How Does DBCC CHECKIDENT Really Work When Resetting the Identity Seed (RESEED)?

Solomon Rutzky from SQLServerCentral Blogs

(last updated: 2019-01-31 @ 22:45 EST / 2019-02-01 @ 03:45 UTC) Today’s “Question of the Day” on SQL Server Central, Cleaning up the...


 

From the SQLServerCentral Blogs - Index maintenance freebies

Arthur Daniels from SQLServerCentral Blogs

I didn’t expect anything for free in index maintenance. After all, it takes a lot of CPU and transaction log...

Question of the Day

Today's Question (by Steve Jones):

I have a list in Python that looks like this:

 >>> a = ["I", "would", "like", "to", "go", "to", "Australia"] 

I want to get all of these words into a single sentence. What is the best way to do this?



We keep track of your score to give you bragging rights against your peers.
This question is worth 1 point in this category: Python.


Yesterday's Question of the Day

Yesterday's Question (by Steve Jones):

Which of the following is true about creating a memory-optimized table?

Answer: An index must be specified in the definition on some field

Explanation:

A memory-optimized table does not need to include the filegroup, as the default MOT filegroup is used. For durability, if not specified, the default is SCHEMA_AND_DATA. The memory-optimized table must also have at least one index, but it does not need to be a primary key.

Ref: Indexes on Memory-Optimized Tables; CREATE TABLE

Database Pros Who Need Your Help

Here are a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 : SQL Server 2017 - Administration

SQL server 2017 developer edition on Linux - I installed a developer edition of SQL server 2017 on redhat linux Virtual box hosted by windows 10. I cannot remote...

Transactional replication version restrictions - Hi, We are looking to build a new SQL2017 server - what versions of SQL server can be a subscriber to its...

BCP usage - Hi All, I am trying to one bcp command I am not able to execute it correctly. I have created below table: CREATE...

Network error code 0x2746 - We constantly get the error below on the majority of our SQL servers.  I'm talking about thousands of them, only...


SQL Server 2017 : SQL Server 2017 - Development

removed zeroes from numeric column -


SQL Server 2016 : SQL Server 2016 - Administration

Diskspace requirement for 1M records - Hello Team, I have a requirement where I need to see how much space is used per each record for each...

Thousands of Successful Logins - We are seeing user accounts with tens of thousands of successful logins per day. These are SSMS users. This strikes me...


SQL Server 2016 : SQL Server 2016 - Development and T-SQL

Unpivot query - All, DDL and DML: CREATE

Operating system error code 5(Access is denied.) when running SSIS package - Hi, I have a job step which executes an SSIS package on SQL Server 2016 SP1.  The owner of the job...


SQL Server 2014 : Administration - SQL Server 2014

Installing Office (Excel) on database server - security concerns - Hi, Are there any security issues to consider, if installing Office on a database server? The question is not regarding cost, stability or...


SQL Server 2014 : Development - SQL Server 2014

Create Excel (xlsx) file in SSIS/C# using Microsoft.ACE.OLEDB - Hi, I am trying to execute the below mention code in a script task in SSIS (C#). I get the error {"The...

Performance Issue Problem in Stored Procedure - Hi All , I have one Stored procedure it has performance issue .Every 5 hours once if i compile the SP...


SQL Server 2012 : SQL 2012 - General

How to give Read only permission on sysmail_allitems table - Hi There, Can you please let me know how do I provide select  permission on sysmail_allitems table under MSDB database to...

how to connect Cassandra and report the data using SSRS - Hi Friends, I have a requirement to generate report through SSRS 2012 from Cassandra DB.But I have no idea how does...


SQL Server 2008 : SQL Server 2008 - General

SQL backup to ACCDB - Hi All, Currently i have an access front end with links to SQL tables.  We now have a need to save...

distinct in over partition - create table #testing( nvarchar(100), country nvarchar(100), colour nvarchar(100), amount int ) insert into #testing values('testingOrder1','UK','red',10), ('testingOrder1','UK','red',20), ('testingOrder1','UK','red',30), ('testingOrder2','US','blue',50), ('testingOrder2','US','green',50) select * from #testing how can i co


Reporting Services : Reporting Services

SSRS Subscription - Hi,  I am trying to send SSRS notification to recipients when data exists in report with the code below . The subscription...


Data Warehousing : Integration Services

"Text was truncated or one or more characters had no match in the target code page.". - This error somehow for some reason makes me so deeply sad that i cannot even think where i should start...


SQL Server 2005 : Development

xp_cmdshell problem - Hi there, I am currently deploying a stored proc on the master database on one of our servers. The stored proc deployed...


Career : Events

The SQL Saturday Thread - As popular as SQL Saturday is, I'm surprised that nobody created a thread dedicated to SQL Saturday, so I created...

This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com