e-mail:
password:
Forgot Password
|
|
SQL Server with Mr. Denny
Recommended reading from mrdenny for February 15, 2013
Posted by: Denny Cherry
SQL Server, Top 10This week I’ve found some great things for you to read. These are a few of my favorites that I’ve found this week.
- Disabling Visual Studio 2012's All-Caps Feature
- Suggestion: ALLFILES option for RESTORE
- Getting Started with Partially Contained Databases
- Ask Slashdot: Is TSA's PreCheck System Easy To Game?
- Using PerformancePoint against tabular data
- This weeks SQL Server person to follow on Twitter is: ChiSQL also known as ChicagoSQLUserGroups
Hopefully you find these articles as useful as I did.
Don’t forget to follow me on Twitter where my username is @mrdenny
.
Denny
0 Comments
RSS Feed
Email a friend
SQL Saturday Albuquerque Slide Deck
Posted by: Denny Cherry
SQL PASS, SQL Saturday, SQL Saturday 183, SQL ServerThis last weekend was SQL Saturday Albuquerque (#183) and I had the privilege of speaking at their first SQL Saturday. I had a great time at the event, and kudos to the event team for putting together a fantastic SQL Saturday.
The session which I presented at SQL Saturday was titled “SQL Server Indexing for the .NET Developer” where I talk to a group of mostly application developers about SQL Server indexes, what they do, and some of the overall best practices for SQL Server indexes.
You can download the slide deck from my site.
If you attended the SQL Saturday I hope that you had as great a time as I did, and if not hopefully I’ll see you at the next SQL Saturday.
Denny
0 Comments
RSS Feed
Email a friend
Recommended reading from mrdenny for February 08, 2013
Posted by: Denny Cherry
SQL Server, Top 10This week I’ve found some great things for you to read. These are a few of my favorites that I’ve found this week.
- Does a Clustered Index really physically store the rows in key order?
- Your online security is only as good as the weakest link
- Less Useful Soft Skills
- Declarative Architectures in Infrastructure as a Service (IaaS)
- Preparing for Certification
- This weeks SQL Server person to follow on Twitter is: passbac also known as PASS BA Conference
Hopefully you find these articles as useful as I did.
Don’t forget to follow me on Twitter where my username is @mrdenny
.
Denny
0 Comments
RSS Feed
Email a friend
When Designing Logon Systems, Pay More Attention To Password Questions.
Posted by: Denny Cherry
Data Loss, Data Security, Database Design, Database security, Identity theft, Laws, Lawyers, Lesson Learned, Mayhem, Phishing, Security, Social Commentary, SQL ServerIn recent months the Internet has started to wake up to security just a little bit more, and probably forgotten all about it as well (read this, this, this and this if you need a refresher). The big problem that I speak of is those annoying questions that we have to answer when setting up a password for a new high security system. Those questions are supposed to be things that only you know. Which was great 20 years ago when we first started building these systems. Today however for most of these systems I can find out all the answers to these questions between Facebook and Twitter.
Recently I was setting up access to just another high security system and I was presented with this list of questions (I had to select three) as my security questions so that I can get my account back if (when) I forget my password.
Lets review these questions for a minute. Now some of these Facebook actually asks you to provide them so that they can put them on your profile (that annoying part at the top of your Facebook profile). The rest you can probably figure out about most people just by looking at the information that they provide during the course of using social media in their daily lives and with the groups on Facebook that they belong to. You add access to a public linked in profile and a little searching in public records and getting most if not all of these answers shouldn’t take you more than a couple of hours.
As the people that build these applications we need to take more notice of just how easy it is to figure out these questions. The questions that we are putting into the applications shouldn’t be so annoying as “Favorite Teacher’s Last Name”, which I’ve actually seen but they need to be stuff that is at least a little harder to figure out if these are the things that we are going to use to ensure that people are who they say they are.
Things like drivers license number or state ID number (for those without a drivers license) are a good start. They don’t change all that often (except when you move between states). Social Security Numbers basically never change so those aren’t a bad number to use (granted there are other issues with using a persons tax ID here in the US).
When you are designing these sorts of authentication systems, don’t assume that just because your paranoid ass doesn’t upload your entire live to Facebook, LinkedIn and Twitter that no one else does that either. People do, do that and they will continue to do that. If you want to actually provide a level of security for your customers, which I sure hope that you do as that is kind of your job, then assume that the customers will be posting the easy to figure out questions online for all to see so you might want to use some slightly more complex questions.
Denny
0 Comments
RSS Feed
Email a friend
Recommended reading from mrdenny for February 01, 2013
Posted by: Denny Cherry
SQL Server, Top 10This week I’ve found some great things for you to read. These are a few of my favorites that I’ve found this week.
- 10 Years After SQL Slammer
- Customizing Extended Events Templates in SQL Server 2012
- Ask the Unicorn: How to become a DBA?
- IT pros reveal benefits, drawbacks of data virtualization software
- The Wonderful World of Compliance in IT @PepsTalkTech @MSLearning
- This weeks SQL Server person to follow on Twitter is: KarlaKay22 also known as Karla Landrum
Hopefully you find these articles as useful as I did.
Don’t forget to follow me on Twitter where my username is @mrdenny
.
Denny
0 Comments
RSS Feed
Email a friend
SSMS Masks Some Error Messages
Posted by: Denny Cherry
SQL ServerSo the other day I was working on a linked server problem where we wanted to run queries against a linked server to a SQL Server Analysis Services database so that a SQL Server stored procedure could hit the SSAS database directly. I was just running a sample query against a database that I knew didn’t exist looking for an error message which said that the cube didn’t exist. But what I kept getting was this.
OLE DB provider “MSOLAP” for linked server “SSAS” returned message “An error was encountered in the transport layer.”.
OLE DB provider “MSOLAP” for linked server “SSAS” returned message “The peer prematurely closed the connection.”.
Msg 7303, Level 16, State 1, Line 1
Cannot initialize the data source object of OLE DB provider “MSOLAP” for linked server “SSAS”.
Now knowing that I have to use Windows Authentication to make this work I connected to the SQL Server’s console and ran sqlcnd and ran the same query and got back an error about the object not existing. OK, must be a Kerberos problem.
Well it turns out that SQL Server Management Studio doesn’t exactly display all the errors which come back from linked servers correctly because when I ran the same query from sqlcmd on my workstation I got back the missing object error message. This tells me that it’s not a Kerberos error message that I’m chasing at all and that it’s just a bad query.
Lesson learned, when