Tom LaRock's (Blog | @SQLRockstar) latest Meme Monday challenge asks: "how many things can go wrong with a database server that are NOT related to a disk drive?" and invites SQL bloggers to list 9 problems in an attempt to come up with 99 total. Here are some things I've seen over the years at different places I've been:
- Access rights - too much, too few, & everywhere in between
- Not understanding that replication turns one update statement affecting 500K rows into 500K update statements that affect one row each
- Not understanding why 500K update statements affecting one row each don't replicate immediately
- WITH (NOLOCK)
- Ambiguous schema design
- Not paying attention to alerts (if they're even set up to begin with)
- Default database growth settings
- Not setting max server memory (especially on x64 instances)
- Dynamic SQL
Why stop at 9? Here's a few more fun ones…
- ORM tools…they're getting better, but jeez some of the first iterations of these generated some nasty, horrible SQL (see #9)
- Not taking backups
- Not testing restores when you actually do take backups
- Index hints on every table referenced in a select statement (do you really think you're that much better than the query optimizer?)
- SELECT * FROM…
- Error messages displayed on public facing web applications which include the connection string (bonus: showing the username and password for the SQL login in plain text)
- Public facing web based "tools" which let you enter T-SQL in a text box and execute it against any one of the servers shown in a dropdown list…(yes, unfortunately I really did see this once)
- Public facing access to SQL Server instances
- SQL injection
Tag, you're it! What kinds of bad stuff have you seen before?
