| A community of more than 1,600,000 database professionals and growing |
Badly Encrypted Databases

I ran across a blog about encrypted databases linked from Bruce Schneier's blog. I follow his musings and writings on security, and he recommended we read it with this sentence: "Even the summary is too much to summarize, so read it." Good enough for me, so I clicked the link and read about encrypted databases.

I like the idea of stronger encryption in databases, and I've given a few talks on the subject. At times there are attendees that will debate that encryption in the database doesn't do a lot of good. Often they dismiss the idea of TDE, since administrators can still read the data and break the encryption, and normal users aren't affected. Many also note that database encryption does nothing for data on the wire, which is true. Most people want to do the encryption and decryption on the client, which has other challenges and is fairly hard to do well.

I think that security is a series of layers, and as noted by the author of the blog, most criminals are lazy. If they can copy a backup file or data file, they'll just do that and read the data. TDE isn't perfect, but it does limit these simple attacks. Always Encrypted was developed to try and make it easy to include encryption from the client side, but in SQL Server 2016, it has lots of limitations. In SQL Server 2019, we get secure enclaves, which should help adoption somewhat, but we will see once developers start to experiment with the feature.

The blog talks about problems with encryption, spending quite a bit of time on approximate database reconstruction, which is essentially guessing data values with some information and by watching queries and results. It's somewhat fascinating, and also scary, but complex and likely requiring lots of queries. To me, this is an area we ought to focus on, and really an area where all our protocol libraries and possibly database firewalls (or built-in limits) ought to focus efforts.

We shouldn't be allowing most clients to make large queries of all data in a table. Really at this point, we ought to have built-in limitations of queries to ensure that users are exporting all data from a table. I'd like some throttle that might prevent the return of very large result sets to clients. At the same time, there ought to be some way to analyze the queries coming in and see if an attacker is "guessing" values. I won't pretend to know how we might do this, but it would seem that in the same way we detect lots of login attempts, we could have some alert being raised when we had xxx of the same type of query in yyy time. That might alert us to potential problems. Or users running lots of searches.

I don't know the best way to protect data, but I do know that too many of us aren't doing a good job of this. We need to get better, both in production and development environments. We need to be better at protecting databases and the data within them.

Steve Jones from SQLServerCentral.com
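One way the "xxx of the same type of query in yyy time" alert could work, as an added example that is not part of the editorial: mask the literals so each statement reduces to its shape, then count shapes per login in a sliding window. The event tuples, logins, table name and thresholds are assumptions made for illustration; a real deployment would feed this from whatever query audit trail the server already produces.

```python
import re
from collections import defaultdict, deque

# String and numeric literals become "?", so statements that differ only in
# the value being tried collapse to the same "type of query".
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")

def fingerprint(sql):
    """Reduce a statement to its shape: literals masked, case and spacing folded."""
    return " ".join(_LITERAL.sub("?", sql).lower().split())

def detect_bursts(events, max_count, window_seconds):
    """events: (epoch_seconds, login, sql) tuples in time order.
    Alerts once per (login, shape) when more than max_count statements of
    that shape arrive inside a sliding window of window_seconds."""
    recent = defaultdict(deque)   # (login, shape) -> timestamps still in window
    alerted, alerts = set(), []
    for ts, login, sql in events:
        key = (login, fingerprint(sql))
        times = recent[key]
        times.append(ts)
        while ts - times[0] >= window_seconds:   # drop entries that aged out
            times.popleft()
        if len(times) > max_count and key not in alerted:
            alerted.add(key)
            alerts.append({"login": login, "shape": key[1],
                           "count": len(times), "at": ts})
    return alerts

def sample_events():
    """Constructed trace; logins, table and timings are invented for the example."""
    events = []
    for i in range(3):    # ordinary lookups, 200 s apart
        events.append((1000 + i * 200, "app_reports",
                       f"SELECT name FROM dbo.Patients WHERE id = {i + 1}"))
    for i in range(12):   # same range query every 2 s, only the bounds change
        events.append((1100 + i * 2, "svc_probe",
                       "SELECT COUNT(*) FROM dbo.Patients "
                       f"WHERE age BETWEEN {i} AND {i + 30}"))
    return sorted(events)

if __name__ == "__main__":
    for alert in detect_bursts(sample_events(), max_count=10, window_seconds=60):
        print(alert)
```

The two thresholds are the editorial's xxx and yyy; they need tuning per workload, since a reporting application may legitimately repeat one query shape at a high rate.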
Danilo Dominici from SQLServerCentral.com: In the next level of the Stairway to SQL Server on Linux learn about the client tools available to connect to your instance.

Press Release from Redgate: In this free eBook Shawn McGehee offers advice on query tuning, cutting stored procedures, and system process design and implementation for high availability. Discover how to perform backup and restore operations using SQL Server Management Studio (SSMS), basic T-SQL scripts and Redgate's SQL Backup tool.

Additional Articles from MSSQLTips.com: In this tip we cover how you can implement SQL Server cross database referential integrity using triggers.

ChrisJenkins from SQLServerCentral Blogs: My next tip is to test your BI solution with the volume of data that you are expecting. This is...

Grant Fritchey from SQLServerCentral Blogs: I’ve been writing a bunch about Azure Data Studio. I’ve also been recording videos on the topic. A comment I...
Today's Question (by Steve Jones): I have a data frame with some baseball data:

    > HR.hitters
       rank           players  Hr yrs.played
    1     1       Barry Bonds 762         22
    2     2        Hank Aaron 755         23
    3     3         Babe Ruth 714         22
    4     4    Alex Rodriguez 696         22
    5     5       Willie Mays 660         22
    6     6  Ken Griffey, Jr. 630         17
    7     7     Albert Pujols 634         22
    8     8         Jim Thome 612         22
    9     9        Sammy Sosa 609         18
    10   10    Frank Robinson 586         21

I want to retrieve just the player name and home runs for Ken Griffey, Jr. and Albert Pujols. How can I get this?
Yesterday's Question of the Day

Yesterday's Question (by Steve Jones): I want to change the default data directory on my SQL Server on Linux installation from /var/opt/log to /prod/log. What command should I run?

Answer: use mssql-conf with the "set filelocation.defaultlogdir /prod/log" parameter

Explanation: The mssql-conf utility is designed to alter the configuration of various items in a SQL Server on Linux installation. One of these is the default data directory. To change to the /prod/log folder, the command would be:

    sudo /opt/mssql/bin/mssql-conf set filelocation.defaultlogdir /prod/log

Ref: Change the default data or log directory
Database Pros Who Need Your Help

Here's a few of the new posts today on the forums.

BCP usage - Hi All, I am trying to one bcp command I am not able to execute it correctly. I have created below table: CREATE...
Performance Issue - Hello All, I have a select query which is taking 3mins to get the results. I have verified the below. 1)Fragmentation and...
Script to close the excel file - I have an agent job which runs everyday and it often fails because the excel file (source) is open. I...
Can I hint a join order or can I hint the first index seek ? - Hi, I have a query that is not performing well. The execution plans starts with an index seek on the transaction...
table relationship - How do you determine table relationship ie 1:1, 1:many, many:many?
Changing the isolation level without wrapping code in BEGIN / COMMIT TRAN - Hi all, My question is whether or not I have to wrap my SP code in a transaction to take the...
How does a cursor affect the optimizer (and the execution plan) ? - Hi, This is Part 2 of Slow in the Application, Fast in SSMS. How to force the execution plan generated by...
SQL Files Won't Open Outside of SSMS - Hello! I found some info on the web here: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/f8d65de5-11b5-4792-bb03-b7690f53bb31/sql-file-will-not-open-in-ssms-o
sent SQL query as formatted Excel .xlsx via email - I already have a working stored procedure that exports sql query data set into a .csv file and emails it. Works great. Now I...
why did WHERE EXISTS delete the contents of whole table? - the inner query returns only 36 rows, so I expected the DELETE WHERE EXISTS to delete only 36 rows. But...
Backup because log file is larger than mdf? - Hi all, I am at a new job and have been here for 3 months so I am still learning the...
The transaction log for database is full due to 'CHECKPOINT' Error: 9002 - Hi to all, I'm puzzled ! Running a database on an older server stopped executing its jobs all of a sudden. Digging into...
Issue updating columns for existing rows - Hi there, so I have this table I've added additional columns to. For existing rows I want to update the columns...
I wanted to run a stored proc over 500 databases in production. - Hello Room, I'm not hundred percent sure on how to program in T-SQL. I wanted to run a stored proc over 500...
nvarchar to smalldatetime - I'm currently working on updating company database in which on one of the tables the 'CreateDt' is in the nvarchar...
Sql Query to find invalid SSN Numbers - I would like to write a query that returns any Employees (id, ssn, and name) with an invalid SSN along...
Visual Studio C# project. Export DataTable to Excel formatting of column - Hi All, I am working on a C# project that pulls data from an SQL database, formats it in a DataGridView,...
SSIS and BIML - I'm looking at a way to import many tables (about 350), from each of many sources (about 300), so 105,000...
SSAS users randomly losing connection - Hi all We've got 5 multidimensional cubes and access is granted by AD groups. There is one role per cube with a...
Operating system error 2(The system cannot find the file specified.) - I know this is driving people crazy, there is a 2000 server with only sp2! and it crashed! I am...
This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.