Technical Article

The Trustworthy Computing Security Development Lifecycle

This paper discusses the Trustworthy Computing Security Development Lifecycle (or SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and deliverables include the development of threat models during software design, the use of static analysis code-scanning tools during implementation, and the conduct of code reviews and security testing during a focused "security push". Before software subject to the SDL can be released, it must undergo a Final Security Review by a team independent from its development group. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities. This paper describes the SDL and discusses experience with its implementation across Microsoft software.

External Article

All about the 'Case'

When installing SQL Server, regardless of versions and editions, SQL Server database administrators tend to choose the default collation and sort-order, which is SQL_Latin1_General_CP1_CI_AS. Though case insensitiveness makes the life of the database developers and database administrator's easy, there are situations where case sensitivity should be enforced just as password checking is enforced.

In this article, I would like to discuss different methods for achieving case sensitivity in a case insensitive database/server.

SQLServerCentral Article

Automating DTS Execution

Database Transformation Services (DTS) in SQL Server 200 was a breakthrough tool, really paving the way for a low-cost, easy to use, ETL tool. However, it was not a true robust programming environment and contains quite a few quirks that are apparent as you get into more detailed packages. New author Gus Carnu addresses one of those issues with a look at the ExecutePackage task.

SQLServerCentral Article

An Identity Crisis

SQL Server includes autonumber of identity columns despite the fact that they are not SQL-92 compliant. There is quite a bit of debate over the use of them in your database, but if you do decide to use them, you should be aware of potential problems. New author Troy Ketsdever brings us a story about his identity crisis and how it was solved.

External Article

SQL Server 2005 Security - Part 4

In this article, we will conclude our coverage of security related changes in SQL Server 2005 Beta 2 (although we will continue discussion of improvements in other functionality areas throughout the reminder of this series). The topics we will focus on here are code and module signing, modifications of SQL Server Agent and SQL Profiler operations, as well as monitoring and auditing changes.

SQLServerCentral Article

Migration to Production

SQL Server is an easy to use product in many ways, much better than the other major RDBMSs out there. However it's source control and ease of moving changes from development to production needs some work. Having a solid process is as important as good tools and new author Grant Fritchey brings us his proven method for moving changes through QA into production.

Technical Article

Creating a User Defined Aggregate with SQL Server 2005

SQL Server doesn't have a Product aggregate function. A recent blog post by Karen Watterson pointed out that Microsoft Knowledge Base article Q89656: Simulating a PRODUCT() Aggregate Function discusses how to achieve the Product aggregate functionality using the POWER function. We e-mailed about it and she challenged me to create a Product aggregate in SQL Server 2005. I decided to accept the challenge.

External Article

SQL Server 2000 Security - Part 6 - Ownership and Object Permissions

We have described, so far, authorization based on a predefined fixed server (determining a set of SQL server-wide privileges) and database (applying to database objects and activities) roles. We have also discussed application roles, which makes the level of permissions independent of those assigned to a SQL Server login or a database user account. Now it is time to look into permissions from the point of view of database objects. There are two main factors that play a role in determining how access rights to them are evaluated - their ownership and custom permissions. We will discuss the first one of these topics in this article and will continue with the other one in the next installment of this series.

SQLServerCentral Article

Securing SQL Backups

SQL Server does many things very well, but securing itself is not one of them. While securing your server requires some effort, there is an area that many people forget. Securing your backups! Brian Kelley, our resident security expert, brings some advice and ideas for ensuring your data will not be stolen.

Blogs

Counting Groups with Window Functions: #SQLNewBlogger

By

I looked at row_number() in a previous post. Now I want to build on...

Extending a SQL Server Failover Cluster Across Regions in  Google Cloud Platform (GCP)

By

I was the principal author of this SIOS whitepaper, which describes how to build...

Read the latest Blogs

Forums

How to determine if a DB is currently being used

By dax.latchford

Hi - I'm looking for advice regarding the best & quickest way to establish...

Data cleansing/conversion tool HPE

By juliava

Hello.   I am looking for a tool Data cleansing/conversion, was recommended HPE any...

System views in a contained availability group

By mark4data

I have a query that runs in a job to check on orphaned users....

Visit the forum

Question of the Day

The LAGging NULL

I have this data in a SQL Server 2022 table:

player         yearid team HR
Alex Rodriguez 2012   NYY  18
Alex Rodriguez 2013   NYY  7
Alex Rodriguez 2014   NYY  NULL
Alex Rodriguez 2015   NYY  12
Alex Rodriguez 2016   NYY  9
If I run this code, what are the results returned in the hrgrowth column?
SELECT
  player
, yearid
, hr
, hr - LAG (hr, 1, 0) IGNORE NULLS OVER (ORDER BY yearid) AS hrgrowth
FROM dbo.playerstats;

See possible answers