| A community of more than 1,600,000 database professionals and growing |
| | | Audio Attacks There are running jokes about how Amazon Alexa and Google Home are susceptible to visitors in your home. It's become a bit of test from some geeks who will walk in your house and call "Hey, Alexa" out loud to see if you have a device that's available. I even had an accidental Siri activation while recording some content recently. I said something that started Siri listening on my phone and then a few people nearby kept trying to duplicate the effort. Fortunately Siri wouldn't come on, so no one was able to cause too much trouble. I suspect that the speakers in the recording room weren't positioned well enough to allow the control room based hacking. I know that will change. In fact, even if Apple and other companies manage to get digital assistants to recognize specific people's voices (as rumored), technology marches on. People are already starting to fake audio data. The fidelity of digital recording and capabilities of speakers improve constantly. This is going to be a greater and greater issue over time, and I have no idea what security technique will prevent things. Maybe we need two factor authentication for audio commands? Won't that defeat the purpose? As data professionals, we are going to be dealing with more and more types of data, and trying to process, analyze, and act on information. This is one reason that I think understanding data lakes and being able to import and combine many types and formats of data will be a valuable skill for all data professionals. Whether you use something like Azure Data Lake or another platform, I expect to be combining data in all sorts of ways and providing information to users. While speech recognition might not be something many of us worry about, will we want to extract information from audio or video and use it? Do we expect that audio files have more integrity than other sources? I worry that we give some types of data more veracity than others, when all types are subject to hacking. Some of us may get audio files as data, and it's only a matter of time before we get hacked, perhaps with fake audio. One of the issues we have with some data is determining the source of record. If I record my voice as a sample, and you compare all future audio of me to that sample, you can verify my identity, right? What if someone can fake my voice with simple software? It sounds crazy, but those days are coming, especially if our systems are susceptible to a person stitching together words from different captures, such as some of Baracksdubs. What might be worse is when we find someone hacking a database and replacing the samples. What's the source of record then? As I spend more time in this business, I become more convinced that auditing and monitoring are more important that security. We want them all, but I'd rather know I have an issue than assume my systems are protected because the security doesn't appear to be broken. Steve Jones from SQLServerCentral.comJoin the debate, and respond to today's editorial on the forums |
| | The Voice of the DBA Podcast Listen to the MP3 Audio ( 4.4MB) podcast or subscribe to the feed at iTunes and Libsyn. The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. |
|
|
|
| | ADVERTISEMENT | | | | How to track every change to your SQL Server database See who’s changing your database, alongside affected objects, date, time, and reason for the change with SQL Source Control. Get a full change history in your source control system. Learn more. |
| | | | Could you help with some research? The Foundry team at Redgate want to hear about your experience with SQL Server asset management. Fill in this short survey to help out, and also to enter their prize draw for a $100 Amazon gift card. Complete survey. |
|
|
|
| | | | | Amarendra Reddy Thummeti from SQLServerCentral.com In this article, I will provide a set of examples to show case the use of OUTPUT clause for INSERT and DELETE statements. More » |
| | Andy Leonard A four-day course aimed at BI developers who want to use Business Intelligence Markup Language (BIML) to generate SQL Server Integration Services packages. More » |
| | Additional Articles from Database Journal Azure SQL Data Warehouse is a new enterprise-class, elastic petabyte-scale, data warehouse service. Join Arshad Ali as he discusses round-robin and distributed tables, and how to create them. He also discusses how partitioning works in SQL Data Warehouse and looks at the impact of choosing the right distribution key. As a bonus Arshad shows you how to leverage PolyBase to quickly and easily import or export data from SQL Data Warehouse. More » |
| | SQLRUs from SQLServerCentral Blogs T-SQL Tuesday is a monthly blog gathering for the SQL Server/Data Professional community It is the brainchild of Adam Machanic (B|T)... More » |
| | cjsommer from SQLServerCentral Blogs T-SQL Tuesday is a monthly blog party for the SQL Server community (or Microsoft Data Platform community. Although it’s called... More » |
|
|
| | | Today's Question (by Steve Jones): I've got this email address in my database: bob@b.net. If I have an email masking function applied on this column, what data is returned to users that see masked data? |
Think you know the answer? Click here, and find out if you are right. We keep track of your score to give you bragging rights against your peers.
This question is worth 1 point in this category: T-SQL. We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the Contribution Center. |
|
|
| |
| ADVERTISEMENT | | Protect your data from attack by using SQL Server technologies to implement a defense-in-depth strategy, performing threat analysis, and encrypting sensitive data as a last line of defense against compromise. The multi-layered approach in this book helps ensure that a single breach doesn't lead to loss or compromise of your data that is confidential and important to the business. Get your copy from Amazon today. | |
|
|
|
|
|
|
| Yesterday's Question of the Day |
| Yesterday's Question (by Steve Jones): If I want to get a list of files in my current directory in R, how to I get this?
Answer: list.files() Explanation: list.files will return a list of the files in the current working directory. Ref: list.files - click here » Discuss this question and answer on the forums |
|
|
| | | | Prem Kumar from SQLServerCentral.com Applying Transparent database encryption is one of the important tasks which we need to do across the enterprise level databases.
Below script will apply the encryption on all user databases in a particular instance. The certificate needs to be created on all secondary databases in an Always-On environment. USE [master]
--Create Master Key
CREATE MASTER KEY ENCRYPTION
BY PASSWORD='Azdb_pRd@2017';
--Create Certificate
CREATE CERTIFICATE AZ_TDE_PRD
WITH SUBJECT='AZ_TDE_ON_PRD';
GO
--Create Database Encryption Key on each user databases
DECLARE @sql varchar(2000),
@dbname varchar(64)
DECLARE apply_tde CURSOR FOR
SELECT d.name
FROM sys.databases d
WHERE d.database_id >4
OPEN apply_tde
FETCH NEXT FROM apply_tde INTO @dbname
WHILE @@FETCH_STATUS <> -1
BEGIN
SELECT @sql ='USE [@dbname]
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE AZ_TDE_PRD'
SELECT @sql = REPLACE(@sql,'@dbname',@dbname)
PRINT 'Encryption Started --'+@sql
EXEC (@sql)
SELECT @sql = 'USE [master] ALTER DATABASE [@dbname] SET ENCRYPTION ON'
SELECT @sql = REPLACE(@sql,'@dbname',@dbname)
PRINT 'Encryption Finished --'+@sql
EXEC (@sql)
FETCH NEXT FROM apply_tde into @dbname
END
CLOSE apply_tde
DEALLOCATE apply_tde
BACKUP CERTIFICATE AZ_TDE_PRD
TO FILE = 'C:\temp\AZ_TDE_PRD'
WITH PRIVATE KEY (file='C:\temp\AZ_TDE_PRD_PVT',
ENCRYPTION BY PASSWORD='Cer#Azdb_pRd@2017')
GO
SELECT
DB_NAME(database_id) AS 'Database Name'
,create_date AS 'Create Date'
,set_date AS 'Set Date'
,(CASE
WHEN Encryption_State='0' THEN 'No Database Encryption'
WHEN Encryption_State='1' THEN 'Unencrypted'
WHEN Encryption_State='2' THEN 'Encryption In Progress'
WHEN Encryption_State='3' THEN 'Encrypted'
WHEN Encryption_State='4' THEN 'Key Change In Progress'
WHEN Encryption_State='5' THEN 'Decryption In Progress'
WHEN Encryption_State='6' THEN 'Protection Change In Progress'
END) AS 'Encryption State'
,key_algorithm AS 'Algorithm Used'
,key_length AS 'Key Length'
,encryptor_thumbprint AS 'Encryptor Thumbprint'
,percent_complete AS 'Percent Complete'
,encryptor_type AS 'Encryptor Type'
FROM sys.dm_database_encryption_keys
GO
After executing the above script, you need to copy the certificate to the secondary server in an always-on environment and create the certificate in a secondary server.
This is also applicable if you are implementing the transparent database encryption in production and restoring it in test/development environment. CREATE CERTIFICATE AZ_TDE_PRD
FROM FILE='C:\temp\AZ_TDE_PRD'
WITH PRIVATE KEY (
FILE = 'C:\temp\AZ_TDE_PRD_PVT',
DECRYPTION BY PASSWORD='Cer#Azdb_pRd@2017') Please check my blog click here for similar posts. More »
|
|
|
| Database Pros Who Need Your Help |
| | Here's a few of the new posts today on the forums. To see more, visit the forums. RAM Required to run SQL Server + Web Application + SSIS packages - Production Server with following processes running: REST API hosted in IISSQL Server with Data - Majorly for Time sheet and Other application... Linked Servers & Windows 10 Credential Guard - Hello, Does anybody know to configure Linked Servers to work with Windows 10 Credential Guard? I get Login failed for user... Stored procedure that passes in a string value and returns all occurrences of the search - Years ago, I found a stored procedure that would allow me to enter a string value and it would display... Performance degraded after migrating to 2016 from 2012 - I migrated my SQL Server database from 2012 to 2016 and I can see 2016 database performance is degraded instead... Simulate filling Transaction log - It may sound extremely simple and might be it is.... but I am trying to fill the transaction log of... how many concurrent users are connected to the database from an web application - Is there a query I can find out how many users currently from a .net application to connect to a SQL... Exclusive PageIOLatch - Hi Experts, we have a table which stores documents and have about 100,000 records currently. The table will have about 400... Help with Performance on select count(*) SQL Server 2014 - Have 2 same databases one on test and one on dev in different servers. Whilst trying to run the same... User-friendly names for constraints - I just noticed that when you create a column with a default value, a constraint is added to the table.... How can I identify employee records with the same hire and term dates? - The table has employee data. EmployeeID, HireDate, TermDate. Some records have the same EmployeeID and the Hire and Term dates... Problem with net framework 3.5 installing sql 2012 server - Hi to all. During an installation of SQL 2012 server I had a problem with feature .net 3.5. I tried to install... To Delete / Truncate / Drop & Create - Good Morning All, Can I Have some opinions please. Have 2 large tables I need to 'clean', 1 with 265263333 rows and one... Check multiple condition in sql query - Hi All, I have a table in which customer profile details such as name, address, dob etc are stored. Whenever customer... Heap vs Clustered Wildcard Search - I am working on converting a heap table to a clustered table by adding a primary key to the identity... Process to Prevent Email Spam - I am wondering if anybody has set up any sort of trigger to turn off database mail in the event... SQL QUERY Rows where TotalScore=@TotalScore in the range of value by using group by Date and Time - Dear Expert, I am seeking your help . here is the scenario , please see the Figure -1 I have 3 parameters .1.... Proper Disk drive configuration when you using Azure SQL Server VMs - Hello, We are thinking about using Azure SQL Server VMs to create our next project. However, the VM only comes with... Create a dataset from an existing dataset - Is it possible to create a dataset, write a query, based on the main dataset for the report? or should... Calculate dynamic columns - Hello team, On Sql Server Report Builder, I'de like to know how to calculate dynamic columns or how to deal with... Rename server after renaming host - Hello, I know this seems like a basic question and a lot has been written on this, but I am... |
|
| This email has been sent to newsletter@newslettercollector.com. To be removed from this list, please click here.
If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. | This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here. | This transmission is ©2017 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com |
|
|
