System-versioned ledger tables: things you can’t do

This is the third post in the series about system-versioned ledger tables, a new feature introduced in Azure SQL Database. You can read Part 1 and Part 2 if you haven’t already. Every choice we make is a trade-off. New features have limitations, and ledger tables are no exception. Some of these limitations are perfectly
-> Continue reading System-versioned ledger tables: things you can’t do

System-versioned ledger tables: the next step

In the first post of this series, we learned about a new type of system-versioned table that also works at the database level and introduces a mechanism that demonstrates whether your database has been tampered with. Very simply, if the cryptographic hash does not match what is in the off-site digest, your database has been
-> Continue reading System-versioned ledger tables: the next step

Introducing system-versioned ledger tables

As long-time readers of this blog know, I’m a big fan of temporal tables, also known as system-versioned temporal tables. Until recently, temporal tables were synonymous with system-versioned tables, but all that changed a short while ago with the introduction — in Azure SQL Database — of system-versioned ledger tables. This new series of posts
-> Continue reading Introducing system-versioned ledger tables

Security update for all supported versions of SQL Server (CVE-2021-1636)

Microsoft announced updates today for all supported versions of SQL Server, for a privilege escalation vulnerability that leverages Extended Events. For security reasons no further details have been provided, but you can expect more information in the near future, now that this update is public. From the knowledge base article: Data can be sent over a
-> Continue reading Security update for all supported versions of SQL Server (CVE-2021-1636)

A new malware attack on SQL Server

Tencent Security has released a report (written in Chinese) describing a new malware attack by the name of “MrbMiner” on SQL Server instances exposed to the Internet with passwords that can be brute-forced. According to the report it installs an application written in C# by the name of assm.exe which communicates with a command-and-control server to download a digital
-> Continue reading A new malware attack on SQL Server

Picking up the pieces after the DBA has left: taking ownership of a SQL Server instance

WARNING: This post contains information that can get you fired if you use it without express written permission. In some jurisdictions it might get you jail time as well. Let’s assume you are a consultant, and a customer has called you in a panic because they have lost access to their production environment. Let’s assume
-> Continue reading Picking up the pieces after the DBA has left: taking ownership of a SQL Server instance

What is a strong password anyway?

Background: Fellow Microsoft MVP Troy Hunt has been operating the website Have I Been Pwned (HIBP) for a number of years now. For the record, “pwned” is pronounced like “owned” but with a “p” in front of it. Don’t use the term in public unless you’re in a room full of information security
-> Continue reading What is a strong password anyway?

SQL Server 2019 is here

With the release of SQL Server 2019, I wanted to highlight in a single place some things that I’m excited about. Drawing on sessions I presented this year at SQLBits and SQL Saturday Edmonton respectively, these are features in SQL Server 2019 for the busy DBA: UTF-8 in-engine support; Intelligent query processing features; Replacing sqlcmd
-> Continue reading SQL Server 2019 is here

When security and news collide

Behold! There’s a scary monster called skip‑2.0, announced by ESET: This backdoor targets MSSQL Server 11 and 12, allowing the attacker to connect stealthily to any MSSQL account by using a magic password – while automatically hiding these connections from the logs. Such a backdoor could allow an attacker to stealthily copy, modify or delete
-> Continue reading When security and news collide