Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
The Voice of the DBA
 

Securing All Your Connections

I read an interesting blog from the cyber security team at Microsoft, noting you should use TLS for your SQL Server connections. I would assume most professionals know that using TLS and secure protocols across the network is important. I would also assume few of us are willing to get real certificates for all of our SQL Servers, especially those in dev and test environments.

Setting up a certificate for a server instance isn't hard, but it's also not easy. It's also something that I don't know how easy would be to automate in many environments. I know that you can use APIs from somewhere like Let's Encrypt, but integrating that into a server setup process would be something. What about integrating this into instances in containers? I don't know that I think many SQL Server organizations have DNS integrated for most of their database servers, much less asking them to also get certificates set up.

I do think that Microsoft likely has better infrastructure in place, and better staff resources, than most of us. I can see this being something needed for Azure SQL DB and Azure MI. Heck, this might be something we want for all services that we get in the cloud. Since we don't control much of anything other than the service, and Microsoft can automate the process of generating certificates, this makes sense.

I think this might be something that is a good idea for production systems as well, ensuring that when a DBA or system makes a privileged connection to a database server in production, the person or process is sure of which database server is at the other end of the connection. I don't know that I've seen an exploit in the wild where someone impersonates a prod server and captures credentials in some man-in-the-middle attack, but I wouldn't be surprised if it happens.

Do you think you also ought to avoid trusting the server certificate? I don't think this is practical in many orgs, but I'd be curious what you think today.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

 
 Featured Contents
SQLServerCentral Article

How to Reduce the Need for Bookmarks Using Parameters in Power BI

G_M_J from SQLServerCentral

Learn how to implement parameters in Power BI.

External Article

First speakers announced for Summit 2023

Additional Articles from Redgate

Your first speakers in the lineup for PASS Data Community Summit 2023 have been announced! Check out the full details for this year's Pre-Cons and Learning Pathways, and find out why some of our speakers are particularly excited for what’s in store this year.

External Article

Paging Data in T-SQL

Additional Articles from SimpleTalk

This article will show you how to page through a set of results using the OFFSET and FETCH options of the ORDER BY clause.

Blog Post

From the SQL Server Central Blogs - Code signing for mere mortals

spaghettidba from SpaghettiDBA

Well, turns out code signing is pretty complex, so I’m writing this blog post as a guide for my future self. I hope he will appreciate, and perhaps some...

Blog Post

From the SQL Server Central Blogs - Azure chaos STUDIO

BLOB EATER from All About SQL

Chaos engineering is fun but especially important when building solutions in the cloud. It is great leveraging the cloud to build something, whether that’s a globally distributed website with...

SQL Server Execution Plans eBook, Third Edition, by Grant Fritchey

SQL Server Execution Plans, Third Edition, by Grant Fritchey

Grant Fritchey from SQLServerCentral

Every Database Administrator, developer, report writer, and anyone else who writes T-SQL to access SQL Server data, must understand how to read and interpret execution plans. This book leads you right from the basics of capturing plans, through how to interrupt them in their various forms, graphical or XML, and then how to use the information you find there to diagnose the most common causes of poor query performance.

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Changing Context in Procs

I log into a SQL Server 2019 database with my AD account, named 'dkr\Steve'. I then execute this code: 
CREATE LOGIN way0utwest WITH PASSWORD = 'horsestakework';
GO
CREATE USER way0utwest;
GO
CREATE OR ALTER PROCEDURE SillyProc
AS
BEGIN
    EXECUTE AS LOGIN = 'way0utwest';  
END
GO
EXEC SillyProc;
SELECT SYSTEM_USER;
REVERT;
What is returned by the SELECT?

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Catching a Deleted Column

I have this code in a SQL Server 2019 database:

CREATE TABLE moduletest(
   col1 int, col2 int, col3 int)
GO
CREATE OR ALTER PROC usp_getTest 
AS
  SELECT col1, col2, col3 
    FROM dbo.moduletest
 GO
--run once to get proc in cache
EXEC dbo.usp_getTest;
GO

I now run this code:

ALTER TABLE dbo.moduletest DROP COLUMN col3
GO

When I run this next code, what is returned?

EXEC sp_refreshsqlmodule 'usp_getTest'
GO

Answer: This returns an error as there is an error in the proc code

Explanation: Since there is now an error in the procedure code, sp_refreshsqlmodule returns an error. Specifically in this case, this error: Msg 207, Level 16, State 1, Procedure sys.sp_refreshsqlmodule_internal, Line 85 [Batch Start Line 14] Invalid column name 'col3'. Ref: sp_refreshsqlmodule -  https://learn.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-refreshsqlmodule-transact-sql?view=sql-server-ver16

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2016 - Administration
SQL Mirroring with Witness - Workgroup joined computers - Hi, I am trying to configure mirroring an some old 2016 SQL servers for a client. The PCs have full communication and name resolution, but are in a workgroup (non domain). I have been successfully following this guide: Set Up Mirroring in a Workgroup Through Certificate Authentication | DBA Services .  The database "A" is […]
SQL Server 2016 - Development and T-SQL
Find the time difference between query output to the data received by the app - Hi, I am looking for some solution where i can find out how much time did sql take to give full output to the application i.e. time taken by the final select statement to give full output. Regards, Saumik Vora
Development - SQL Server 2014
How can l group row data by date using window function? - Hi In my code below the row data are not grouping into month by month name. I want to group row data of the same month. |   Date            | Revenue | | -------------- |---------| | 2023-03-01 |   500   | | 2023-03-29 |   300   | | 2023-04-15  |   600   | | […]
SQL Server 2019 - Development
Refactoring SQL queries run within Qlik not write data on db using temp tables - There are a number of SQL queries that run within Qlik that use temporary tables. Temp tables write back to the database and as a reporting tool and i dont want Qlik to be writing to a database. I need to rewrite these queries without using temp tables. I tried using CTEs but not sure […]
SSIS Data Flow when Data Access Mode is sql command is very slow - I have a ssis package where when I do a data flow from an entire table to a flat file, it's quite fast - a handful of minutes for 50 million records output. But when I do data access mode sql command from variable, it's unbelieveably slow - like hours and hours. I really need […]
SQL Azure - Development
DataFactory: How can I trigger several Tables into MSSQL - Hi everybody, I am learning Azure DF modeling. Currently we have connected a SAP System and I can already see the Tables I need. We have also connected a SQL DB and if I create a Pipeline I can copy the data of 1 SAP Table and use as SINK our MS SQL DB. When […]
SQL Azure - Administration
Error with OPENROWSET in SQLMI - Hi, I'm setting up Transactional Replication between SQL MI to SQL VM. I want to setup monitoring by executing "sp_replmonitorsubscriptionpendingcmds" and store the results into a table. When I use OPENROWSET, I keep getting getting errors with any provider name (MSDASQL or SQLOLEDB). Can someone help me with this please select * FROM OPENROWSET('MSDASQL', 'Driver={SQL […]
Reporting Services
ssrs Expression - I have field Called est_amt  with data looks like below I want sum it in ssrs Expression only that is highlight in green. I try all the possibilities didn't the amount. the right amount would be 1,365,600.00
Analysis Services
How to display data in SSAS by start and end date - I have a SQL Server 2016 OLAP Cube in the multidimensional mode and a corresponding database containing the tables Cases and Person. The Case table has the columns StartDate and EndDate and the Person table has the columns FirstName, LastName, and BirthDate. I'm using Visual Studio with the template Multidimensional Project to modify the cube. I want the cube to have multiple Time attributes: Year, Quarter, Month, Week, and […]
Strategies and Ideas
Correcting fact table records that were changed by a user - Hi there, I've got a situation I want to try to model and wanted to see what other folks have done in this situation. I've run into this before but the data set I'm working with has a lot of user error issues that I'm going to have to deal with. My understanding with Kimball […]
Integration Services
How to add CustomerID and LastName to the file name in SSIS? - There are several text files that are saved in a local driver. The file names are: Each file has only one record. The record includes fields of CustomerID, FirstName, LastName, and SubmittedDate, see below. I would like to add CustomerID, LastName and CurrentDate to the file name. The format for file name is CustomID_LastName_FileName_CurrentDate. Thanks […]
Upgrade to SQL2022 makes packages that connect to Oracle fail with data errors - We have 3 environments, dev, uat and prod. We've started to test SQL2022 by doing an in-place upgrade to SQL2022 across all of the dev server. So SQL, SSIS, SSRS and SSAS are now SQL2022. Everything was SQL2017 prior to this. It seems the only fallout is that the SQL Agent jobs on our dev […]
Tag Issues with Content
T-SQL the Problem with Scalar Functions breaking Parallelism - I am sure some of you have already experienced this but not having use Functions all that much, I recently learned that T-SQL's Scalar Functions always break Parallelism. Thus while conceptually a nice idea for compartmentalizing code it is basically useless unless you do not have parallelism available to you for one of the other […]
SQL Server 2022 - Development
Mastering SQL Server 2022 Development Unlocking the Power of the Latest Database - In the world of data management, SQL Server has established itself as a robust and reliable database platform. With each new version, Microsoft continues to enhance SQL Server's capabilities, offering developers and administrators new tools and features to improve performance, security, and scalability. SQL Server 2022 is the latest release, packed with exciting advancements that […]
Find spaces between First and Last Name in Microsoft SQL - I want to find the space between First Name and Last Name in SQL Server or First Name and Middle Name. I am aware of space function, but not sure if we can use it to find the space between two words. My table has around one million rows in the table. One of the […]
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -