| A community of more than 1,600,000 database professionals and growing |
| | | Protecting sa Built in accounts are both a help and and a hindrance. Years ago I was working on a SQL Server 4.2 system, where I was an administrator. The database was very unstable, and we were trying to determine if it was something being done by the application or the platform itself. While I was a local administrator, I couldn't access other, remote SQL 4.2 instances at other locations for our company. Since we ran the same code (supposedly), we wanted to test how various parts of the system performed between the two systems. One late night, while actually reading the manual, I discovered the "probe" account, which was a built in account for early Sybase/SQL Server versions. I used this to query remote instance and compare settings and performance. This helped us narrow down the the problems, though it wasn't the way I would have wanted the system to work. Any built in account allows some ease of getting an application working, but it also provides a known backdoor to your system if it is not properly secured. The "sa" account is one of those well known accounts for SQL Server that can cause issues. This account has complete control over SQL Server, and even though it can be renamed, simple queries can discover what the new name is and mount attacks. This is one reason why many people like to only enable Windows Authorization, preventing anyone from logging in with this account? However, is this enough? I don't think so, as a simple administration action could enable mixed mode authentication. I would say that everyone should set a long, random password for "sa" on all instances, but what do most of you think? Do you provide any other protections for the sa account? Let us know today. Steve Jones from SQLServerCentral.comJoin the debate, and respond to today's editorial on the forums |
| | The Voice of the DBA Podcast Listen to the MP3 Audio ( 2.8MB) podcast or subscribe to the feed at iTunes and LibSyn. The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. |
|
|
|
| | ADVERTISEMENT | | | | Discover 52 tips to improve your .NET performance Our new eBook features dozens of tips and tricks to boost .NET performance. With contributions from .NET experts around the world, you’ll have a faster app in no time. Download your free copy. |
| | | | How to set up continuous delivery for your database CD lets you deploy your software any time you need. Database Lifecycle Management allows this for your databases, so you can include them alongside applications in your Agile processes. See how with this free whitepaper. |
| | | | 14 essential SQL Server tools In one installer, the award-winning SQL Toolbelt contains everything you need to work with SQL Server. "The SQL Toolbelt provides tools that database developers as well as DBAs should not live without." William Van Orden. Download a free trial. |
|
|
|
| | | | | Francis Apel from SQLServerCentral.com In this article, I’ll attempt to “convince” you that every SQL Server you put into production should be a SQL Server Failover Cluster Instance (FCI). More » |
| | Additional Articles from SimpleTalk When your SQL Server database is set to have its statistics automatically updated, you will probably conclude that, whenever the distribution statistics are out-of-date, they will be updated before the next query is executed against that index or table. Curiously, this isn't always the case. What actually happens is that the statistics only gets updated if needed by the query optimiser to determine an effective query plan. More » |
| | Kenneth Fisher from SQLServerCentral Blogs tl;dr; There is no short version of this. It’s LONG. It’s interesting but you might want to skip it if... More » |
| | Steve Jones from SQLServerCentral Blogs I was mocking up some test data and wanted to limit my list of values to specific items. In this... More » |
|
|
| | | Today's Question (by Steve Jones): I have a list of numbers in a table, some positive, some negative. MyID ------ 117 18 120 NULL 120 -120 52 -118 I run this query: SELECT myid FROM dbo.myGroups AS mg GROUP BY mg.MyID HAVING MIN(SIGN(myid)) = MAX(SIGN(myid)) If there are these 8 rows in my table, how many rows are returned by the SELECT query? |
Think you know the answer? Click here, and find out if you are right. We keep track of your score to give you bragging rights against your peers.
This question is worth 1 point in this category: SIGN(). We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the Contribution Center. |
|
|
| |
| | Yesterday's Question of the Day |
| Yesterday's Question (by Steve Jones): I've got a table of game results from people playing Rock, Paper, Scissors. CREATE TABLE RPSGame ( Person VARCHAR(50) , GameID INT , Played VARCHAR(8) , win BIT ) In my analysis, I want to know who has played all three possible choices in the list of games. What type of filter should I use in my query below this code: SELECT Person FROM RPSGames
Answer: GROUP BY Person HAVING COUNT(DISTINCT Played) = 3 Explanation: What we are looking for is a person that has a row with Rock, a row with Paper, and a row with Scissors at a minimum. The person could have multiple rows of any of those, but they need at least one of each. This type of query is looking for a distinct list of 3, since we don't care if someone has two rows with Rock, as long as they have a row with Paper and a row with Scissors. We want this distinct list to equal the scalar, and since this is an aggregate, we use the HAVING clause. Thus, we use this query: SELECT rg.Person FROM dbo.RPSGame AS rg GROUP BY rg.Person HAVING COUNT(rg.Played) = 3 This will return a user that has at least 3 rows with different values for the "played" category. This this player is returned: Person GameID Played win ------ ------ -------- --- Ashley 199 Paper 0 Ashley 266 Scissors 0 Ashley 321 Rock 0 Ashley 881 Paper 1 But not this one: Person GameID Played win ------ ------ ------ --- Bill 223 Rock 1 Bill 444 Rock 1 Bill 704 Rock 1 Ref: GROUP BY - https://msdn.microsoft.com/en-us/library/ms177673.aspx GROUP BY Basics - https://www.simple-talk.com/sql/t-sql-programming/sql-group-by-basics/ » Discuss this question and answer on the forums |
|
|
| | | Database Pros Who Need Your Help |
| | Here's a few of the new posts today on the forums. To see more, visit the forums. DDL Trigger - I have a set of triggers to keep track of database changes. I capture create, alter and delete. It has... Which indexes out of MISSING INDEXes report are most important to implement? - WHen you look at query plans or query DMVs for missing indexes, it is an obvious practice not to implement... Setting Up Availability Groups - Hi! I have a question regarding setting up an Availability Group with the current scenario. I have two locations under one domain.... Stored Procedure Performance Issue - Hi all. I've done my homework on this one and I'm perplexed. I'm an old hand at optimizing queries and... How do I install AdventureWorks in my local PC - I have SSMS installed on my PC. However, I am not able to install the AW database on my local... 2 SQL Tracefiles on startup - Hi Guys I have 2 trace jobs running on start up 1 is the defailt trace file, the other tracefile I cannot... Recurring deadlocks - I've been having recurring and continue deadlocks due an store procedure with this code: [code="sql"] --UPDATE t1 -- SET Invalid = 1 --FROM dbo.Table1 t1 -- INNER... Finding retention of a person - I would like to ask if anyone would be able to help out with this. I would be more than... indexes-non clustered - hi all how to sort non clustered indexes ? any suggestion on this Error Assitance - Msg 156, Level 15, State 1, Line 16 Incorrect syntax near the keyword 'from'. [code="sql"]Select pc.accountnbr 'account number', qf.description 'Fund Name', pc.checknbr... Split without delimiter based on position - I am having a query i need to split the query based on the position i specify Say string is 12345678910111213141516........ i... sql and stored procedure - How can I return select @@servername along with the result of this stored procedure - msdb.dbo.sp_get_sqlagent_properties in a single row. Result : Servername1,all columns... Query Performance Issue with multiple unions and a view - Hello Gurus, I have a case where instead of looking too much into the indexes(Tables are not that big), I am... Querying multiple databases - Hello -- We have twenty databases utilized by an application, and I want to be able to automatically query all the... SSAS cude full process memory Usage - Hi I want to find out if it is normal for cube full processing task to use more that 10 times... Login failed for user 'NT Service\MSSQLServerOLAPService' 28000 - I am using SQL Server 2012 developer edition on Windows 7. I have the following error attempting to process a... Opinions on triggers - I've been a database developer for quite some time now, and I've always been encouraged by senior developers to shy... deadlocked on lock | communication buffer resources with another process and has been chosen as the deadlock victim. - [b]Message Executed as user: NT AUTHORITY\SYSTEM. Transaction (Process ID 68) was deadlocked on lock | communication buffer resources with another process and... Database in Recovery Pending State - One of my databases is in [b]Recovery pending[/b] state. I tried to run an Alter command on the database to... Search for hyphen in database: it does not find the hyphen? - I am doing a data cleansing activity. The original Source was in Access Database Current Source in SQL Server 2008 R2 nvarchar(50) The... |
|
| This email has been sent to newsletter@newslettercollector.com. To be removed from this list, please click here.
If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. | This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here. | This transmission is ©2015 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com |
|
|
