Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
The Voice of the DBA
 

Daily Coping Tip

Look for something positive to say to everyone you speak to

I also have a thread at SQLServerCentral dealing with coping mechanisms and resources. Feel free to participate.

For many of you out there working in a new way, I'm including a thought of the day on how to cope in this challenging time from The Action for Happiness Coping Calendar. My items will be on my blog, feel free to share yours.

The Challenge of Edge Security

We know that our organizations will adopt and use more devices over time. Given the growth of cheap computing, frameworks for managing devices, and the desire for more data, I expect some of those devices will collect data, or even contain databases. Azure SQL Edge use is growing, and we will see more devices that contain it (or another database platform), which means we have a larger attack surface area for that data.

There was a recent report on a vulnerability in edge devices used by AT&T that was detected as part of an attack. The attack used a known vulnerability based on default credentials. The vulnerability was fixed, but the patch required manual work. From various reports, it is unclear whether devices have been patched. It's also unclear if customer data was accessed. Here is one such report, but there are others, all with similar information.

When developers build something, whether a device or just software, we often set up easy ways for us to access the system to test features and functionality. Certainly when software is deployed to users, there is often a default credential that is supplied. I don't know if this is good or bad, and if the management of random credentials for each device might result in better or worse security. Strong passwords might lull customers into feeling that they don't need to change anything.

I do think that the installation of any software ought to require a strong password. Once one is entered, and defaults ought to be permanently removed or changed. Leaving around defaults for maintenance or ease of updates is a sure way to get hacked. If we've learned anything in the age of computing it ought to be that anything you deploy in the wild will be taken apart and analyzed by someone. Hard-coded values or default accounts will become known.

The bigger problem might be that patching is still a problem and even more of a problem when it's not easy. I know that the SQL Server update system is fairly easy, but not dead simple. Many people still don't apply patches. Heck, even when updates are built into something like Windows, people try to avoid patching their systems.

For those of us that work with databases, we may or may not control the update process. We can, however, ensure that those that do are aware of when patches are available, how far behind the system is, and where to get the patch. That information, and a little pressure, will become increasingly important as we deploy and work with data on more edge devices.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

 
 Featured Contents
SQLServerCentral Article

Is SQL Server Profiler in Azure Data Studio?

Daniel Calbimonte from SQLServerCentral

Introduction Do we have the SQL Profiler in Azure Data Studio? In a previous article, we compared SSMS and Azure Data Studio. Now we will compare the new SQL Profiler against the old one. If you check the SQL Server Profiler documentation, you will find that SQL Profiler is deprecated and that that feature will […]

External Article

Why cloud and hybrid estates are important - but bring complexity

Additional Articles from Redgate

With 92% of organizations now reported to be multi-cloud, a well thought-out approach to cloud migration is imperative. Download our final insights report in this series on database monitoring to find out how 2500+ of your peers are dealing with the challenge.

External Article

Working with PowerShell strings

Additional Articles from SimpleTalk

Knowing how to manipulate strings is critical in any language. In this article, Greg Moore explains working with PowerShell strings.

Blog Post

From the SQL Server Central Blogs - Azure Synapse Analytics November updates

James Serra from James Serra's Blog

Microsoft recently came out with a blog on a bunch of new features available for Azure Synapse Analytics (see Azure Synapse Analytics November 2021 Update), and I wanted to...

Blog Post

From the SQL Server Central Blogs - Copying large files from SharePoint Online

Meagan Longoria from Data Savvy

I recently worked on a project where we needed to copy some large files from a specified library in SharePoint Online. In that library, there were several layers of...

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Azure MariaDB

Which compatible Azure database service would you use for a MondoDB workload?

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Short String Masking

I have a table with a column defined as CHAR(2). I apply the masking default function to this string with the code:

ALTER TABLE dbo.DDMTest ALTER COLUMN shortstring ADD MASKED WITH (FUNCTION='DEFAULT()');

I insert data into this column with:

INSERT DDMTest (shortstring) values ('A');

What value is returned if a user that does not have the UNMASK permission queries this row?

Answer: XX

Explanation: The default function returns 4 Xs if the length of the field is 4 or more characters in length. For a field less than 4 characters, the length of the field is returned in Xs, so XX in this case. Ref: Dynamic Data Masking - https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver15#defining-a-dynamic-data-mask

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 - Administration
T-SQL Error: Msg 102, Level 15, State 1, Line 4 Incorrect syntax near '('. - I could use some help figuring why this use of CONVERT isn't working as expected. --T-SQL Code: 1 SET nocount ON 2 DECLARE @JobName sysname 3 SELECT @JobName = [name] FROM msdb.dbo.sysjobs 4 WHERE Job_id = CONVERT(uniqueidentifier, $(ESCAPE_NONE(JOBID))) 5 PRINT '>'+@JobName+'<' --Error: Msg 102, Level 15, State 1, Line 4 Incorrect syntax near '('. --SQL […]
SQL Server 2017 - Development
Issue with Schema Removal from Table or view - Example 1 declare @statement varchar(100) = '[dbo].[vw_EmployeeData]' select @statement, CHARINDEX('.',@statement,6) i want to remove schema dbo and bracketsfor schema and view name and i need the column data to be like this vw_EmployeeData Example - 2 dbo.Employee we have some rows with data with only schema with out brackets . i need to remove schema […]
SQL Server 2016 - Development and T-SQL
adding hh:mm:ss time to yyyy-mm-dd hh:mm:ss format - I am trying, and this is just a start I've made, to cast and add hh:mm:ss time to yyyy-mm-dd hh:mm:ss format. I realize I may have to declare some variables to get this to work and I'm sure I'll have to explain this more especially since 'DATEADD([created_at] + [event_sec])' needs much work: INSERT INTO [portman].[dbo].[AgentHours] […]
Development - SQL Server 2014
Month Name - Hi How to get Month Name from Date field Thanks
Error - Invalid column value ltotal,BAmt,Td - Hi In below query i am getting above error Select  T0.Code,T1.Item, (Select lTotal = sum(LTotal) from P1 T where T.Doc = T1.Doc ) as 'LTotal', (Select BAmnt = sum(BAmnt) from P1 T where T.Doc = T1.Doc), (Select Td = sum(Td) from P1 T where T.Doc = T1.Doc), (ltotal/BAmt)*Td FROM tb T0 inner join tb1 T1 […]
Select TOP N returning N+ rows with OpenQuery to Snowflake - I have a basic query using openquery and a linkedserver pointing to a Snowflake DB.   When I select Top 1000  (e.g. Select Top 1000 * From OpenQuery(...)) it results 1035 rows. I've tried it with multiple TOP N values and most times it returns a higher row count but never less. Setting the Rowcount was […]
SQL 2012 - General
Linked Server usually does not work, sometimes it will connect - I've a problems with Linked Servers I created for particular farm. I've setup many linked servers this way before and never seen such problem. The two servers are on farms on the opposites sites of the continent, but connecting directly from A to B in SSMS works without practically any delays at all. Linked server […]
SQL Server 2019 - Administration
SQL Server 2016 to 2019 now SSRS Cannot create a connection to data source - We upgraded from SQL Server 2016 to 2019, and our reports on the report server now say: An error has occurred during report processing. (rsProcessingAborted) Cannot create a connection to data source 'DataSource1'. (rsErrorOpeningConnection) A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not […]
SQL and SSIS services in "Change Pending" state - Microsoft SQL Server 2019 (RTM-CU13) (KB5005679) - 15.0.4178.1 (X64) Sep 23 2021 16:47:49 Copyright (C) 2019 Microsoft Corporation Standard Edition (64-bit) on Windows Server 2019 Standard 10.0 (Build 17763: ) (Hypervisor) Using GMSA for service account. Nothing installed no changes. Seems when I reboot this server I always need to do it twice. Always […]
queries running during the sql backup - Hi, I would like to know answers for below questions. Kindly confirm the process during the sql backup. Backup of our application takes around 1.5 hours to complete, meanwhile the users are still able to access the site and make transactions. The query is that: 1) Are those transactions are also being backed up in […]
ERROR when Editing Job Steps - Ahoi, when im trying to edit jobs i get a weird error. EDIT: Restarting the server removes the problem, but its not telling me what is the cause =================================== Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and […]
SQL Server 2019 - Development
Arithmetic overflow error converting expression to data type smallint - Hi everyone I am getting error Arithmetic overflow error converting expression to data type smallint The calculation I am doing is producing very small numbers like 0.0000005328. How can I fix the calculation so it produces correctly?  I am guessing I have to typecast the calculation so it works properly because smallint is definitely wrong.  […]
How to sum on one value and not to sum on another value - I have such a situation. I have a query where I want to some one field and not to sum another (maybe subquery might work?) I want to sum On Order column but not to sum Inventory On Hand. This is how my table looks right now   On order comes from [SCHEDRCPTS] where there […]
Powershell
invoke-sqlcmd : Cannot open database requested by the login. login. Login failed - Hello, I am not able to figure out why invoke-sqlcmd is not working. It’s giving login failed error..This user has sysadmin permissions. When the azure release pipeline runs, if the database does not exist then it restores the new database from the .bak file....and i am using invoke-sqlcmd command for that......when i try to run […]
SQLServerCentral.com Website Issues
Emails from forum posts aren't going to the post - I've noticed that the emails about forum posts I've been getting from SQLServerControl.com the last week or so, no longer point to the post in the forum. I just wanted to mention this.
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -