Switching to Bing
When the announcement for Bing came out, I didn't immediately go over and check it out. As a matter of...
2009-06-08
1,063 reads
Brian Kelley
- Interests: Chess, Reading, Soccer (Football), Baseball, Animals, Theology
Security Basics: Applying the Principle of Least Privilege Properly
Whenever I do a security presentation, I make sure to cover the Principle of Least Privilege. And when I do I boil it down to this very simple definition: Giving the rights to do the job. No more. No less.
2009-06-04
1,912 reads
Balancing Priorities
This one isn't a technical post, but it's entirely appropriate to those of us in the IT field. Today was a...
2009-06-02
772 reads
Why I Say Something about Running as Administrator
On a couple of recent webcasts, I pointed out the folks were running with the local Administrator account. To start this out, I'm not a big fan of security by obfuscation. Security by obfuscation (not code obfuscation, but security by obscurity, if...
2009-06-02
2,556 reads
Security Basics: Understanding the Surface Area
When it comes to securing a system, it's important to understand how it might be attacked. That's what surface area...
2009-06-01
1,323 reads
Security Basics: Applying the Principle of Least Privilege Properly
Whenever I do a security presentation, I make sure to cover the Principle of Least Privilege. And when I do...
2009-05-29
3,154 reads
Why I Say Something about Running as Administrator
On a couple of recent webcasts, I pointed out the folks were running with the local Administrator account. To start...
2009-05-28
2,157 reads
Catalog view: sys.tcp_endpoints
I was playing around with the endpoint catalog views this afternoon just looking at ways to do poor man's configuration...
2009-05-27
2,824 reads
Speaking at Augusta Developer's Guild
Tomorrow night, May 28th, I'll be speaking the Augusta Developer's Guild. This is a make-up from earlier in the year...
2009-05-27
1,379 reads
SQL Injection - Why I Don't Think Parameterization is Enough
One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
2009-05-20
3,948 reads
Blogs
Advice I Like: Pyramid Schemes
By Steve Jones
If someone is trying to convince you it’s not a pyramid scheme, it’s a...
Using Prompt AI for a Travel Data Analysis
By Steve Jones
I was looking back at my year and decided to see if SQL Prompt...
FinOps for Kubernetes: Leveraging OpenCost, KubeGreen, and Kubecost for Cost Efficiency
In the era of cloud-native applications, Kubernetes has become the default standard platform for...
Forums
Database file shrink issue.
Hi experts, I have a 3+ TB database on a 2019 sql server which...
The North Star for the Year
Comments posted to this topic are about the item The North Star for the...
Multiple Escape Characters
Comments posted to this topic are about the item Multiple Escape Characters
Question of the Day
Multiple Escape Characters
In SQL Server 2025, I run this code (in a database with the appropriate collation):
SELECT UNISTR('%*3041%*308A%*304C%*3068 and good night', '%*') AS 'A Classic';
What is returned? See possible answers