Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
The Voice of the DBA
 

Lower Your Attack Surface Area

It's no surprise that our systems are under attack by all sorts of criminals. Some organized, some opportunistic, some just aiming for vandalism. We need to protect our digital systems to prevent issues, and a part of better protection is reducing the number of places that are vulnerable. Those places include databases.

This article discusses the rising costs of data breaches and the increased frequency of attacks. It also examines the increasing number of regulations that are demanding proof of stricter security measures. It can be hard enough to defend production systems, let alone protecting dev/test environments. I see an increasing number of organizations that limit access to production systems, even to the point that this impedes some of the daily work habits of technology professionals, but that is probably a good thing. Too many of us are too lax when it comes to security.

There are lots of approaches to getting better at security, but one of the easier ones is to avoid making copies of sensitive data. About half of you (I hope it's not more) still use production restores in dev/test environments. That's a tripling of the places your data could be attacked if you restore a database to a development server and a test server. If could be even worse if you make more copies.

An easy solution in today's world is to build a better test data management process for either anonymizing and obfuscating your sensitive data or generating synthetic data. Both have their challenges and I suspect that most organizations need a combination of both approaches to both protect their data as well as build better software for their customers. After all, a huge amount of bugs are data related, where developers have not tested their software against enough different data elements. Both synth data and anonymized data help here to produce enough different edge cases that your testing is thorough enough to increase quality.

Of course, you need extensive testing, which means automation. Ideally an automated DevOps flow that subjects your software to increasingly complex tests as it moves through your pipeline to ensure it's ready for release. This also means a good set of test data, not only for QA, but for automated tests. You need a test data management strategy.

Securing digital systems is a complex task, but we ought to try and make it easier on ourselves by developing good habits in how we manage both access and by limiting the copies of sensitive data.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums
 
  Featured Contents
SQLServerCentral Article

Understanding SQL Server LEFT_SHIFT and RIGHT_SHIFT Functions

Noman072 from SQLServerCentral

Learn how to use the LEFT_SHIFT and RIGHT_SHIFT bitwise functions in SQL Server 2022.
External Article

AI Tools for Job Seekers – Salary

Additional Articles from MSSQLTips.com

In our conversations with job seekers, a consistent theme has been HOW do you use AI tools. This can be used to get new ideas, improve and optimize resumes, understand trends/market data, determine new connections and networking avenues, save time, alleviate headaches and roadblocks, and be more efficient and effective overall. Well, say goodbye to the days where you need to start a cover letter or resume from scratch or feel isolated, alone, and anxious during the resume writing, interview prep, salary negotiation, and other parts of the job search process, as we all now have an incredibly powerful job searching tool and career coach at our disposal to help with any writer’s block and almost every challenge you may run into!
Blog Post

From the SQL Server Central Blogs - Mistakes IT Shops Without a DBA Make

Kevin3NF from Dallas DBAs

We get it. There’s no budget for a DBA on staff, or even a contract support firm like Dallas DBAs. You are not alone! There are thousands of firms...
Blog Post

From the SQL Server Central Blogs - Deploy at Low Priority

Zikato from StraightforwardSQL

Learn how to deploy schema changes in an always-online SQL Server environment without a maintenance window. This utility reduces blocking and improves deployment success.
The problem
I attempted to deploy a...

Pro T-SQL 2022: Toward Speed, Scalability, and Standardization for SQL Server Developers

Site Owners from SQLServerCentral

Learn how to write and design simple and efficient T-SQL code. This is a hands-on book that teaches you how to write better T-SQL with examples and straightforward explanations.

 

  Question of the Day

Today's question (by Steve Jones - SSC Editor):
 

A Strange Choice
What is returned when I run this code in SQL Server 2022? 
CREATE TABLE CatIndex ( indexval VARCHAR(20) ) GO INSERT dbo.CatIndex (indexval) VALUES ('1'), ('2'), ('3') GO SELECT CHOOSE(indexval, cast('2025-01-01' AS DATE), CAST('2025-02-01' AS DATE), CAST('2025-03-01' AS DATE)) FROM dbo.CatIndex AS ci

Think you know the answer? Click here, and find out if you are right.
 

 

  Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Column Adds and Drops

I run this batch on SQL Server 2022. What happens?

ALTER TABLE dbo.Accounts ADD AccountAccessType INT GO ALTER TABLE dbo.Accounts DROP AccountAccessType GO

Answer: There is a new column added to the table

Explanation: The first batch runs fine, but the second produces an error: Msg 3728, Level 16, State 1, Line 4 'AccountAccessType' is not a constraint. Msg 3727, Level 16, State 0, Line 4 Could not drop constraint. See previous errors. The column is not dropped as the DROP statement requires the column keyword. Ref: ALTER TABLE - https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-table-transact-sql?view=sql-server-ver16

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.
SQL Server 2017 - Development
Splitting Text based on certain phrases in string - I have a text string that contains something similar to below : [{"ChannelName":"LOT4 - Telephone","ChannelRecordId":"42c49edf-9aa1-ec11-b85f-00155d640f76","Removed":false},{"ChannelName":"LOT4 - Video","ChannelRecordId":"46c49edf-9aa1-ec11-b85f-00155d640f76","Removed":false}] I need to strip out into separate columns or create additional records for the guid after the text "ChannelRecordID":" and also the false at the end (which might say true). The number of iterations of the phrase ChannelRecordID […]
SQL Server 2016 - Administration
KB5046856 fails to install - Hello experts, The following SQL update is failing to install on some of our SQL Servers with the following error. Is anyone else seeing this? I've tried Googling the error but have not found a specific fix for this issue. Thanks for any help. -- webrunner Update: Installation Failure: Windows failed to install the following […]
SQL Server 2016 - Development and T-SQL
Deadlocks after index rebuild - We rebuilt a bunch of indexes that had avg_fragmentation_in_percent>30. Now we have 1 job that is consistently getting deadlocks and I'm trying to find the root cause. Attached is the event data xml file from the deadlock event. Any help on which direction to start looking is greatly appreciated. We are using 2016 sp 2. […]
SSIS (Integration Services) - "External table is not in the expected format" - Good Afternoon. I have been manually running an SSIS package on an adhoc basis, which populates an Excel file from a SQL Server Table. There is no apparent issue with the package, but often I get the following error: "External table is not in the expected format" And it resolves when I Shut Down and Re-Start the […]
SQL Server 2019 - Administration
Multisubnet Cluster DBs not replicating - No AD on one subnet - Hi All, We have setup a 3 node SQL Server 2019 (CU30) multi subnet cluster with 2 nodes on production site and 1 node in disaster recovery (DR) site. The DR site does not have any AD/Domain and it is still under the same AD/Domain as production (Just different subnet but same AD - One […]
SQL Server 2019 - Development
how to output date of when a SP was created and last modification? - Hi everyone I have a query that gives me the list of all SP in my DB.  I would like to modify the query so it outputs two additional fields: 1. When was the SP created (call it CREATION_DATE)? 2. When was the SP last updated (call it LAST_UPDATE_DATE)? Is this possible?  If yes, how […]
Source to Target Mapping (Lineage) - Hi all, I work with an unusual warehouse and I was wondering if anyone else has this issue, we are looking to document source to target but with our set up it seems like it's going to be a manual process. We don't have a separate ETL tool that loads the data. Our warehouse is […]
where to find information about xE sqlserver.databases_bulk_copy_throughput - where to find information about xE sqlserver.databases_bulk_copy_throughput ? I'm searching for de description of all attributes ( e.g. "count" - is it number of B/KB/MB/GB or number of rows ? )
Analysis Services
How do I read XEL files in SSAS? - A colleague of mine has setup SSAS monitoring through Extended Events and these are writing to XEL files on the local server. Can anyone advise how I can read these on an SSAS server? I know how to do this in SQL Server but those commands don't work (or exist) in the SSAS query window. […]
Design Ideas and Questions
Linking/Bridge Table/ Or Surrogate Keys? - The system I'm working on is MS Access, but the principles of dimensional modeling are relevant. Please see the attached document for how my data is structured. Access does not allow me to create a column that was defined as an Auto Number as a drop-down option. Drop down displays, but the number 1 is […]
SQLServerCentral.com Test Forum
New test Mar 2025 - Testing posting and replying
SQL Server 2022 - Administration
Service Principal Name (SPN) getting this error and then sqlserver restarting. -   HI All, Service Principal Name (SPN) getting this error and then sqlserver restarting. every time unable to find other thing in logs in event viewer and in sqlserver logs also , do we need to check with windows team to get a fix for this so that again and again this wont happens and […]
SQL Backup folder permission issue - Hi SQL experts, Having an issue on one of our SQL servers at work in which the SQL backup folder permissions are not right and the folder is inaccessible. I just noticed this problem when attempting to setup nightly maintenance plans. Even though I'm logged in with my domain admin account, I still don't have […]
DBCC Clone Database Failing on SQL 2022 - When running clone sql is changing one specific table to History table and its failing. Please suggest if there is any bug  
SQL Server 2022 - Development
Getting error in sql server 2022 - Hi folks We have migrated database from sql server 2014 std to sql server 2022 std. database get restored and old server is sql service is stopped. Now after few initial operation we are facing this error "Please create master key in the database or open master key in session" as checked on net restored […]
 

 

RSS FeedTwitter

This email has been sent to newsletter@newslettercollector.com. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -