SQL Server Central
The Voice of the DBA
 

Bad Culture Bad Security

I ran across a blog noting that Cisco has a vulnerability in a new product. The blog also lists two (one, two) articles showing that Cisco has had hard-coded credentials in the past. I understand that many times a known process is repeated, essentially copy-pasted between people, and we have similar issues as we have had in the past. However, in 2022 or 2023, it's unacceptable to hard-code credentials in digital systems that will be used in today's world.

What's worse than having this issue is stating that the fix is "an upgrade". Their verbiage for those without a service contract is: "Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade." Which, to me, is not only bad for the world, but it's equivalent to the stuff that bulls leave behind in the fields.

I suspect that this product and software were based on something that already exists, and it was rushed out without a good security evaluation. Or perhaps there are developers and managers who don't think that hard-coding credentials will compromise security.

That's a cultural problem. Either you're going too fast, or you don't take this seriously; either way, you don't have a good culture that values quality and protection. Certainly, their disclaimer about needing valid contracts or proving you have a device to get a security patch for a flaw they built is also a sign of a poor culture that doesn't really understand the problems they are creating, nor are they taking responsibility for the issues.

At the very least, fixing their poor security ought to be free and easy. I get that there are likely some software upgrades included in this patch, given the nature of software development and limited branches under support. However, there are other ways to ensure those features aren't enabled for customers who shouldn't have them. Making the entire world of computer network infrastructure less secure because you want customers to pay for your mistakes isn't a model I'd want to adopt.

I know many people don't want more regulation or guidelines from governments (or even from insurance), but if I were going to accept some universal restriction, this would be the place. If you use hard-coded passwords, your product can't be sold and no insurance claims apply if you are sued.

Maybe that would change the way Cisco and others build software.

Steve Jones - SSC Editor


 
 Featured Contents
SQLServerCentral Article

Transform your Winning team into a Champion Team

Girish Ganesamanian Tirunelveli from SQLServerCentral

Businesses worldwide now operate on a team basis, and a high-performing team is crucial for high-performing organizations. Winning teams are more focused and better than regular teams. They focus on synergies and achieving significant results. They are an extension of regular teams with a higher sense of commitment to objectives and mutual purpose. Winning teams have a clear mission and achievable performance goals for each member, aiming for extraordinary goals. They are more committed to the vision and have a passion for achieving the mission. Winning teams work collaboratively to discover new work approaches, principles, and practices, focusing on decision-making, creative problem-solving, industry standards, and effective communication. They establish processes from beginning to end to complete tasks effectively. The difference between a winning team and a regular team is very clear. However, what makes a winning team a champion team? This paper aims to provide valuable insights into the differentiating factors of a champion team from a winning one.

External Article

The promise – and the perils – of GitHub Copilot

Additional Articles from SimpleTalk

There’s been a lot of talk about GitHub Copilot recently, loudly touted as Your AI pair programmer. According to GitHub, Copilot for Business brings the power of generative AI to engineering teams, accelerating the speed of software development and innovation.

External Article

Understanding Locking, Data Modification and Committing Data in SQL Server

Additional Articles from MSSQLTips.com

Learn about how SQL Server uses locks when modifying data and how data is committed to a database after data changes.

Blog Post

From the SQL Server Central Blogs - Common Mistakes in SQL Server – Part 4

Hemantgiri S. Goswami from SQL Server Citation - SQL Blog by Hemantgiri S. Goswami, SQL MVP

Last week we discussed how NULL values can cause trouble in Common Mistakes in SQL Server – Part 3. This week I would like to draw your...

Blog Post

From the SQL Server Central Blogs - Using the Pure Storage PowerShellSDK2 - Part 2 - Working With Data

aen from Anthony Nocentino Blog

Welcome back to the second installment of our series using the Pure Storage PowerShell SDK2. In this post, we’ll dive into working with object data using Pure Storage PowerShell...

Pro SQL Server 2022 Wait Statistics: A Practical Guide to Analyzing Performance in SQL Server and Azure SQL Database

Site Owners from SQLServerCentral

Use this practical guide to analyze and troubleshoot SQL Server performance using wait statistics. You'll learn to identify precisely why your queries are running slowly. And you'll know how to measure the amount of time consumed by each bottleneck so you can focus attention on making the largest improvements first. This edition is updated to cover analysis of wait statistics current with SQL Server 2022. Whether you are new to wait statistics, or already familiar with them, this book provides a deeper understanding on how wait statistics are generated and what they mean for your SQL Server instance’s performance. 

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

The Column Synonym

Can I create a synonym for a column?


 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

TRUNCATE an FK

I have this table in a database with a lot of data.

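-- EmpID must be a primary key (or unique) so the self-referencing FK below can be created
CREATE TABLE dbo.Employee
(EmpID INT NOT NULL PRIMARY KEY
, EmpName VARCHAR(20)
, MgrID INT
)
GO
-- Self-referencing foreign key: every manager is also a row in dbo.Employee
ALTER TABLE dbo.Employee ADD CONSTRAINT
FK_Employee_Employee FOREIGN KEY
(
MgrID
) REFERENCES dbo.Employee
(
EmpID
) ON UPDATE NO ACTION
 ON DELETE NO ACTION
GO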

TRUNCATE TABLE isn't allowed with tables that are referenced by a FOREIGN KEY constraint. What happens if I run TRUNCATE TABLE on dbo.Employee?

Answer: It works fine always

Explanation: This works. The documentation notes you cannot use TRUNCATE on tables that "are referenced by a FOREIGN KEY constraint. You can truncate a table that has a foreign key that references itself." Ref: TRUNCATE TABLE - https://learn.microsoft.com/en-us/sql/t-sql/statements/truncate-table-transact-sql?view=sql-server-ver16
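
The contrast the documentation draws, as an added example that is not part of the original newsletter: TRUNCATE succeeds while the only foreign key is the self-reference, and is rejected once another table references dbo.Employee. The table dbo.Timesheet and the sample rows are constructed for illustration, and the script assumes dbo.Employee exists as defined in the question with EmpID as its primary key.

```sql
-- Added example: dbo.Timesheet and all sample rows are constructed for illustration.
-- Assumes dbo.Employee exists as defined in the question, with EmpID as primary key.
INSERT INTO dbo.Employee (EmpID, EmpName, MgrID)
VALUES (1, 'Ana', NULL), (2, 'Ben', 1), (3, 'Cal', 1);
GO

-- Case 1: the only foreign key is the self-reference, so TRUNCATE is allowed.
TRUNCATE TABLE dbo.Employee;
SELECT COUNT(*) AS RowsAfterTruncate FROM dbo.Employee;
GO

-- Case 2: a different table now references dbo.Employee.
CREATE TABLE dbo.Timesheet
( TimesheetID INT NOT NULL PRIMARY KEY
, EmpID INT NOT NULL
, CONSTRAINT FK_Timesheet_Employee FOREIGN KEY (EmpID)
    REFERENCES dbo.Employee (EmpID)
);
GO

-- Both tables are empty, yet this statement is rejected: the check is on the
-- existence of the referencing constraint, not on the rows it covers.
TRUNCATE TABLE dbo.Employee;
GO

-- Pre-flight check before truncating: list every foreign key that targets
-- the table and flag whether it is a self-reference or an external one.
SELECT fk.name AS ConstraintName,
       OBJECT_SCHEMA_NAME(fk.parent_object_id) + '.'
         + OBJECT_NAME(fk.parent_object_id) AS ReferencingTable,
       CASE WHEN fk.parent_object_id = fk.referenced_object_id
            THEN 'self-reference (TRUNCATE allowed)'
            ELSE 'external reference (blocks TRUNCATE)'
       END AS Effect
FROM sys.foreign_keys AS fk
WHERE fk.referenced_object_id = OBJECT_ID(N'dbo.Employee');
GO

-- Clean up the added table.
DROP TABLE dbo.Timesheet;
GO
```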


 

 

 

Database Pros Who Need Your Help

Here are a few of the new posts today on the forums. To see more, visit the forums.


SQL Server 2017 - Development
Can’t return role based on employee no from three columns? - I need to write a SQL Server query return only one role from table dbo.F6000059 based on employee no, but I face issue I don't know how to return the correct role. I will return only one role from table dbo.F6000059 if "employee no" exists in columns REAN82 or REAN83 or REAN84. And role name will return will be only one roles from below […]
SQL Server 2016 - Development and T-SQL
Delete large number of rows help - I have a batch process where i have to delete around 75 MIL rows out of 1.3 Billion rows table.  And then insert the new rows back. I have been told that there is no way to do incremental load on these. I believe the DELETE operation is taking very long (2-3 hours). Database is […]
SQL 2012 - General
how to calculate the RAM used while running a query - how to calculate the RAM used while running a query
SQL Server 2012 - T-SQL
Adding records between records - Hi, Trying to figure out how to approach this... I will have data where these is an ID and a date. I want to add  records  between the two dates Max up to 6 days between the actual dates. example DATA: ID, SomeDate, Flag 3642570, 2023-09-01 00:00:00.000, X 3642570, 2023-09-06 00:00:00.000, X 3642570, 2023-09-13 00:00:00.000, […]
SQL Server 2019 - Administration
How to enable Always Encryption in SQL Server Agent Jobs - I am trying to run a SQL Agent job to select an encrypted column, but it's still shows as encrypted. How can I run SQL agent job to run with Always Encryption enabled.
SQL SSIS job failing with out of memory error - Hi All, Most of the time SQL SSIS job failing with out of memory error. The package are hosted in SSIS catalog. My question is - Will SSIS & SSAS use memory within SQL max and min memory (or) out of SQL server? I have SQL SSIS, SSAS & two instance of DB engine. I […]
Ola IndexOptimize - USER_DATABASES failed - EXECUTE [dbo].[IndexOptimize] @Databases = 'USER_DATABASES', @LogToTable = 'Y' Job Name                            IndexOptimize - USER_DATABASES Step Name                          IndexOptimize - USER_DATABASES Duration                              01:00:14 Sql Severity        16 Sql Message ID  50000 Operator Emailed Operator Net sent Operator Paged Retries Attempted          0   Message Executed as user: NT SERVICE\SQLSERVERAGENT. ...0)  Server: SERVER1 [SQLSTATE 01000] (Message 50000)  Version: 15.0.4316.3 [SQLSTATE 01000] […]
Ola IndexOptimize - USER_DATABASES failed - EXECUTE [dbo].[IndexOptimize] @Databases = 'USER_DATABASES', @LogToTable = 'Y' Job Name                            IndexOptimize - USER_DATABASES Step Name                          IndexOptimize - USER_DATABASES Duration                              01:00:14 Sql Severity        16 Sql Message ID  50000 Operator Emailed Operator Net sent Operator Paged Retries Attempted          0   Message Executed as user: NT SERVICE\SQLSERVERAGENT. ...0)  Server: SERVERABC [SQLSTATE 01000] (Message 50000)  Version: 15.0.4316.3 [SQLSTATE 01000] […]
Expand disk size for SQL 2019 High Availability Group - Hi, Due to the data growth, we have to increase the disk size where the data files resides. Our SQL 2019 high availability group is running in VMWare v.7. 2 nodes. Do I right click the VM, Edit Settings, then increase the disk size, then expand it in disk manager? I assume I have to […]
KB5029375 - SQL Server 2017 GDR - I have been trying, on and off, to install the latest CU/GDRs on test servers since Friday by obtaining the updates from: Latest updates and version history for SQL Server - SQL Server | Microsoft Learn I have had no problem with SQL2019 CU23 or the SQL2016 GDR. I cannot get the SQL2017 GDR to […]
SQL Server 2008 - General
MSSqlServer 10.50.6000.34 Event-ID 18456 LoginError - Hi Experts, how can I fix this error NT-AUTHORITY\SYSTEM Cause: Error opening the explicitly specified database. [CLIENT: ] Thank  you, Stephan
MSSqlServer 10.50.6000.34 Event-ID 18456 LoginError - Dear Experts, Nothing special, just an annoying returning entry in Windows-Event- Protocol. => SQL Server 2008 However, the Event viewer is throwing permanently an error: Error logging in for the user 'NT-AUTHORITY\SYSTEM'. Cause: Error opening the explicitly specified database. [CLIENT: ] - System - Provider [ Name] MSSQLSERVER - EventID 18456 [ Qualifiers] 49152 […]
SSRS 2016
100% stack bar chart with periods and time axis - Hello, I am trying to develop a report that would display periods of time (segments) on time axis and grouped by equipment, like below: Colored bars are segments (Duration in seconds). On X-Axis i would like to display time. But as long as i am using X-Axis as a default 1-100 i can see segments, […]
Integration Services
Trouble Upgrading SSIS Project and Packages from Targeting SQL 2014 to 2022 - Taking an existing Visual Studio SSIS Project that targets SQL Server 2014 to now target SQL Server 2022 through the suggested course of the "Upgrade All Packages" has been unsuccessful. The reason being was we were trying to avoid having to recreate the project and packages from scratch. We are using Visual Studio 2019 version […]
SQL Server 2022 - Development
Extract file in zip format - Good afternoon, Devs. My name is André, and I'm new here. I'd like to ask for your assistance with a problem I'm currently facing. I've taken over the migration of an application where the database is in SQL Server, and there's a table containing files stored in a column of type "ntext." According to the […]
 

 

©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.