Problems displaying this newsletter? View online.
SQL Server Central
Featured Contents
Question of the Day
Redgate University
The Voice of the DBA
 

Daily Coping Tip

Accept your mistakes as a way of helping you make progress.

I also have a thread at SQLServerCentral dealing with coping mechanisms and resources. Feel free to participate.

 

For many of you out there working in a new way, I'm including a thought of the day on how to cope in this challenging time from The Action for Happiness Coping Calendar. My items will be on my blog, feel free to share yours.

Detecting Logins

Do you have a login on any of your SQL Server instances that is named "default"? If you do, you might have an issue with the MrbMiner malware that has infected a number of SQL Server instances. This adds a login with the name of default and the password of "@fg125kjnhn987.".

Stop and double check your instances now. If you use SQL Monitor, you can also add this custom metric to your alerts to look for this on an ongoing basis.

I don't know this is a SQL Server problem. It's really a user/administrator issue. This works by looking for weak passwords, which is always a problem. It's also an issue if you have an exposed SQL Server connected directly to the Internet. Shodan shows lots of SQL Servers on the Internet, and if you own any, you might be sure you have *very* strong passwords.

Or remove them from public Internet access.

While this is easy to detect, what if the login were stevejones? Can you detect if logins are added to your SQL Server. Sure you can, but would you really notice something strange? On my instances, where I add all logins, I would. In many organizations where I've worked, more than one person added logins, and logins could be added on a regular basis. Often these are associated with tickets in some system, like Jira, but even if they are, would you know an extra one got added?

I bet most people wouldn't notice, especially across their estate and with a team of administrators.

That's a problem, and it's one where we ought to perhaps have good controls in place. There are a few places I know where every change is submitted to a pipeline of sorts, meaning that everything is logged, and given the integration with release management tools and ticketing systems, things could be audited. Maybe more importantly, approved logins could be added to a list that might be compared with the actual list on a server.

Possible, but not necessarily simple to implement or get right. Maybe the low tech solution I'd use is a daily report that included changes from the previous day. All administrators could check it to be sure any new logins were added by one of them.

You should know how to secure your SQL Server. Implement strong controls, and be sure that you periodically audit for anything unusual. At the very least, ensure you have monitoring so that any unusual or strange activity might be detected.

Steve Jones - SSC Editor

Join the debate, and respond to today's editorial on the forums

Redgate University
 
 Featured Contents

Application down after SQL Service logon account change

iLearnSQL from SQLServerCentral

I was working on one of my clients server recently. This was during a normal maintenance monthly activity to reboot the database server every first weekend. I rebooted the machine, and as per the defined steps, I checked the SQL services after the reboot to ensure they were up. I verified all SQL Services and […]

Hidden treasures of SQL Prompt

Additional Articles from Redgate

You are invited to discover features of SQL Prompt that you may not even know exist. We will will walk you through the treasure map of SQL Prompt and show you where all the great features are buried.

The Social Impact of Artificial Intelligence and Data Privacy Issues

Additional Articles from SimpleTalk

Like any technology, AI can be used for evil instead of good. Shree Das explains several examples and what should be done to prevent the misuse of data.

From the SQL Server Central Blogs - Capture Execution Plans Only For Long Running Queries

Grant Fritchey from The Scary DBA

I love questions. Most of all, I love questions I can answer. I spotted this question recently: How can I use Profiler to capture execution plans for queries over...

From the SQL Server Central Blogs - Custom deployment parameters in Azure Data Factory - Forget Me Not

Rayis Imayev from Data Adventures

(2020-Sep-26) Last week one of my Azure Data Factory (ADF) deployment pipelines failed with an error that it couldn’t find some of the deployment parameters that I try to override,...

 

 Question of the Day

Today's question (by Steve Jones - SSC Editor):

 

Linux Authentication

What types of authentication can I use for my Windows clients when I have a SQL Server 2019 instance running on Ubuntu 16.04?

Think you know the answer? Click here, and find out if you are right.

 

 

 Yesterday's Question of the Day (by Steve Jones - SSC Editor)

Deleting a branch in Git

I have created a branch, called feature/stevesales, in git. I have completed my work, pushed it, and had the changes merged into the main branch. I switch back to the main branch to pull and start the next round of work. However, I want to clean up my local branches. How do I delete my local "feature/stevesales" branch?

Answer: git branch -d feature/stevesales

Explanation: The git branch command is used to manage branches. The -d option will delete a branch. Ref: git branch - https://git-scm.com/docs/git-branch

Discuss this question and answer on the forums

 

 

 

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 - Administration
slack community dbatools - Good morning all , Who has an idea please how I can join the dbatolls in slack community https://sqlcommunity.slack.com/?redir=%2Fmessages%2FC1M2WEASG%2F https://github.com/sqlcollaborative/dbatools/#getting-started I can't connect to it thanks
SQL Server 2017 - Development
Auto generate AlphaNumeric with defined letters and numbers (e.g. A1-A6) - Hi to All, This is the problem, I need to generate a sequence AlphaNumeric characters based on certain condition. For example, the requirement is 6x3 see below output. The next alphanumeric is B3. Once it become B6 the next is C1-C6 only, it cannot exceed to next D1 because its only 6x3.  If the requirement […]
SQL Server 2016 - Development and T-SQL
issue with adding another column in a table - Hi, i have a table named as Book_master_tbl having only 10 records and as per design I need to add another column to this table called reserve with type int but when I take it design mode and added the column so no issue raised but when i try to select ist 100 rows so […]
If no record (from table variable) found in a table return null value instead - Hello, I am sure this is simple but I just can't get what I am looking for. Hopefully someone can help a novice. Let me explain: I am trying to check a table variable value (list of accounts) against a table and return a full listing of data, but return NULL where the account does […]
Development - SQL Server 2014
Calculating offset (adding days to a date but keeping same day name of week) - Ok, I've written a bit of code and it's horrible and looks terribly inefficient and long winded but I'm having some brain fade on how to improve it... I have a DateTime say today. I have a number of elapsed days after this first date. This is used to calculate a second date by adding […]
Calculation on Row number using Row_Number() OVER - Hi all Looking for some help with the below and massively appreciate any help We have a Sales and Retention Campaign that we dial. Data providers will occasionally send a number to us to contact that they have sent us previously and that we have already sold to. I am looking for a way to […]
tsql works but store procedure with variable doesnt work - Hello, i just have a simple select statement, and i get the max value from one table that i use to at it to the where clause from another table, example: select Max(Order_ID) from dbo.orders then get that max id manully and copy it to the below select statement select * from customer_orders where orderID […]
showing result of query in Pivot table - I am trying to develop a pivot table. Please see the attached image for required output. I am unable to design the pivot query for the required solution. This is my sql query ::   select b.SchoolName, c.KaryakramName, a.NikashaAmount from TBL_NIKASHA a inner join TBL_SCHOOL b on b.SchoolId = a.SchoolId inner join TBL_KARYAKRAM c on […]
SQL Server 2012 - T-SQL
convert scalar function to table valued function - hi all, great day i failed to convert the below scalar function to table valued function, i tried many times and always got error appreciate if anybody assist in this issue   ALTER FUNCTION [dbo].[fn_GetLeaveDays] (@DateFrom DATETIME2,@CalendarFunction INT,@DateTo AS DATETIME2,@AdjustMode BIT,@AdjustWeekEnds BIT,@AdjustHolidays BIT) RETURNS INT AS BEGIN IF @DateFrom>@DateTo BEGIN DECLARE @T DATETIME2=@DateTo,@F DATETIME2=@DateFrom SELECT […]
SQL Server 2019 - Administration
Using Intel Optane/DAX/PMEM with FCI - I'm working to plan a new upgrade to our existing data warehouse infrastructure.  We're looking at local redundancy options and figure that a traditional FCI will be better than an AG due to the large data sizes we are working with and our San admin's discouragement to doubling our storage costs. At the same time, […]
How to get Isolation Level of connection - I need a way to see what Isolation Level a connection is using? I suspect a software vendor is using READ_UNCOMMITED, but I need to know. /Brian
SQL Server 2019 - Development
In search of Database scripts version control strategy or process - Hello! I am looking for strategy/process that helps to achieve database scripts version control and deployment automation. Kindly share your strategies/process that you follow.
API Newbee - Hi Guys, I'm completely new to API's and i was wondering if there is a way of retrieving the data from an API Json format into an SQL database either via SSIS or SSRS or something else. I know you can use several programs like POSTMAN to run the API and you can also export […]
General Cloud Computing Questions
Azure DevOps - How To Pull Out Timings for User Stories - Hello all, Apologies, if I raise the question under a wrong forum. I am completely new to Azure DevOps and would like to build a report of timings for user stories, for example I would like to have a list of user stories and next to each of them either date columns or concatenated dates […]
SSRS 2016
SSRS superscript - Hi, How to display below superscript format in ssrs 2016?
 

 

RSS FeedTwitter

This email has been sent to {email}. To be removed from this list, please click here. If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. This newsletter was sent to you because you signed up at SQLServerCentral.com.
©2019 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
webmaster@sqlservercentral.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -