| A community of more than 1,600,000 database professionals and growing |
| | | Wow. Just Wow Wow. Just Wow. Yes, I meant to use a capital letter there. The Red Cross' Blood Service in Australia had database backups on a website that anyone could access. That means that anyone could download the backup, which contained PII (Personally Identifiable Information) about donors. This was a mysql dump file, which is shockingly easy to restore, so anyone could have read the file inside of an hour. To be fair here, this wasn't the Red Cross' fault. A partner had put the file on a website, perhaps for developers or an analyst to download, but the web server had directory browsing available and was serving data on a public IP. That's three major faults, and perhaps a fourth since the backup file wasn't protected at all. How many of us have innocently taken a backup, put it in a location for someone else to download inside our company, and not thought anything of the action? If you have done this, would you know if the file were accessed and downloaded by the wrong person? In most cases we wouldn't because the correct person might download the file as well and we wouldn't think anything had ever gone wrong. That's a problem with data. We don't get necessarily notified if someone makes a copy. We certainly have no way of knowing if the backup files we create are ever restored by an unauthorized user, much less just copied. We often just assume that data at rest is just at rest and isn't ever mishandled without our knowing about it. This is a good reason why we should be practicing security by default in most every case. All our backups should be protected at the very least with passwords. Even if everyone in the organization knows the password, some random person that might steal a laptop or browse an unsecured web server won't know it. The password also shouldn't be easily guessed, and if possible, the data should be encrypted. Always. What's more, I would hope that we would use secure ways of moving information around with our fellow employees and partners. I know Dropbox is a very convenient and tempting mechanism to use, but is it really appropriate? It might be good enough if you've protected the data in other ways, but I'd be very, very wary of using any public service that doesn't allow for some sort of security that can be tied to individual, authenticated users. No matter how you choose to protect and transfer database backups, I'd also be sure that you don't leave the information there indefinitely. Have expiration times where files are removed. All encryption and protection can be cracked, given enough time and resources, so don't leave your files there forever. Steve Jones from SQLServerCentral.comJoin the debate, and respond to today's editorial on the forums |
| | The Voice of the DBA Podcast Listen to the MP3 Audio ( 3.8MB) podcast or subscribe to the feed at iTunes and Libsyn. The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. |
|
|
|
| | ADVERTISEMENT | | | | Track schema changes for free DLM Dashboard tracks SQL Server databases to show you exactly what schema changes have been made, by who, and when. You get a full history, with line-by-line differences, and a clear audit trail of your database moving from development to production. Download free tool. |
| | | | | How to fix SQL Server disk I/O bottlenecks (without a hammer) In this new article, Simple-Talk editor Tony Davis explains step-by-step how to find and fix the root causes of disk I/O bottlenecks, including gathering data, avoiding knee-jerk fixes, and how monitoring tools can help. Read now. |
|
|
|
| | | | | Additional Articles from SQLPerformance.com Rob Farley discusses some solutions and gotchas for implementing a custom sort using ORDER BY in T-SQL queries. More » |
| | Kenneth Fisher from SQLServerCentral Blogs SQL Server stores a create date and a change date for each object in the sys.objects system view. Unfortunately while... More » |
|
|
| | | Today's Question (by Steve Jones): If I am in a PowerShell command shell and want to change to get a list of the instance registrations I have for my local SSMS Local Server Group, what command do I use? |
Think you know the answer? Click here, and find out if you are right. We keep track of your score to give you bragging rights against your peers.
This question is worth 1 point in this category: PowerShell. We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the Contribution Center. |
|
|
| |
| ADVERTISEMENT | | SQL Server T-SQL Recipes is an example-based guide to the Transact-SQL language that is at the core of SQL Server. This edition has been lightly updated for SQL Server 2014 and provides ready-to-implement solutions to common programming and database administration tasks. Learn to create databases, create in-memory tables and stored procedures, insert and update data, generate reports, secure your data, and more. Get your copy from Amazon today. | |
|
|
|
|
|
|
| Yesterday's Question of the Day |
| Yesterday's Question (by Lesole Sebego): CREATE TABLE #NUMBERS(A SMALLINT, B INT) GO INSERT INTO #NUMBERS SELECT 30000, 2000000000 GO 2 -- 1 SELECT SUM(A) AS A FROM #NUMBERS -- 2 SELECT SUM(B) AS A FROM #NUMBERS What will be the answers for the 2 queries above? Answer: 1) 60000, 2) Fails Arithmetic overflow error Explanation: In the first query, the smallint is implicitly converted to an int by SUM. However, the expressions in the second query are int, but this will not be returned as a bigint, which is needed to store the value. Hence the error. This query would work: SELECT SUM(CONVERT(BIGINT,B)) AS A FROM #NUMBERS Ref: SUM - https://msdn.microsoft.com/en-us/library/ms187810.aspx » Discuss this question and answer on the forums |
|
|
| | | Database Pros Who Need Your Help |
| | Here's a few of the new posts today on the forums. To see more, visit the forums. Connecting to VCNSQL - I've previously just worked with local databases so I'm a newb at connecting to remote servers. My MS SQL database is... Changes made from one trigger not seen by another - Let's say that I have 2 triggers on the same table. If in the first trigger I update a row... what has been a down year for the sport. The t - [url=http://www.rc-travel.com/sites/default/files/webform/%5BUs24-TV%5D%20Sergey%20Kovalev%20v.s%20Andre%20Ward%20Live%20Stream%20Online.pdf]Watch Kovalev vs Ward live stream[/url] [url=http://www.rc-travel.com/sites/default/files/webform/%5BUs24-TV%5D%20Sergey%20Kovalev%20v.s%20Andre%20Ward%20Live%20Stream%20Online.pdf]Kovalev vs Ward live stream[/url] [url=http://www.rc-travel.com/sites/defaul entrepreneur and outsider eager to tangle - [url=https://coloradosprings.gov/sites/default/files/webform/oregon_state_vs_arizona_live_streaming.pdf] Oregon State vs Arizona Live Streaming[/url] [url=http://www.rc-travel.com/sites/default/files/webform/Oregon%20State%20vs%20Arizona%20Live%20Streaming.pdf] Oregon State vs Arizona Live Streaming[/url] [url=http://bakerartist.org/sites/default/files/resumes/not%20yet%20assigned/Oregon%20State likely to center on his career and fortune. He is expect - ?Trump’s speech announcing his decision is likely to center on his career and fortune. He is expected to cast himself... use microsoft updates - hi guys i just would like to know what use microsoft update step in the installation process does , I didnt select... Transaction log size up to 1.5 GB in 3 hours - Dear Members We have implemented SP with Filestreaming + RBS I came and found the transaction log file for the Crawl Store... Implicit conversion occuring after switching from FreeTDS and finally going native 2012. - Our environment was running on SQL 2012 with the database in SQL 2005 compatibility mode (90). The application database has... how to search records in a table and identify which records do not exisits based on 2 conditions and then insert the missing records from another table - how to search records in a table and identify which records do not exist based on 2 conditions and then... Removing IP address from listener pool when removing a secondary - We have a multi-site AG and are demoting one of the remote sites out of the AG. In doing so,... Trigger Question - Update not working for my situation - Okay - I have an ERP application that I am trying to write a SQL trigger for. I'm trying to write... SQL result issue - Hi, I have two tables wces_users_copy which holds a list of properties amongst other things and wce_activity_copy a list of properties... How to find a time difference between time in different rows? - I am writing a report in SQL 2008 R2 to find the turn around time for an operating room. I... DTS For Importation of Data From CSV file to SQL SERVER 2008 R2 Express - I would Like to ask the experts regarding this matter. I was tasked to create a process on importing data... ALTERNATRIVE of temp table - i have following calculation in my sp. i need to know any short way to do it. CREATE TABLE #Average_Price (Brand_Id INT, ... Multiple calls to MAX(datecolumn) in select - I have inherited a project that uses MS Sql Server 2014 and some Stored Procedures. In one of the Stored Procedure... replication breaks after fail over ( Disaster recovery ) - Hi All , I did fail over between Principal and Mirror server sql server 2008 R2 in production last week and... Checklist to connect cassandra - Hi Friends, I have been assigned to a new project where data load s gonna happen from oracle to cassandra through... SSIS package loses MessageSource in Send Email Task - I'm modifying an SSIS package to send email if there is a validation error in the data. I have everything all... Stored Procedure that uses a parameter in a WHERE x IN(@param1) - PLEASE tell me what needs to be done to make something like this work? DECLARE @PARAM1 VARCHAR(2000) = 'Tom','JOE','BUDD','TIM' --< Obviously this... |
|
| This email has been sent to newsletter@newslettercollector.com. To be removed from this list, please click here.
If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. | This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here. | This transmission is ©2015 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com |
|
|
