Editorials

Injection – a Bit Different – and Important Information

Featured Article(s)
Performance Tuning for the Overworked DBA: Part 3: General Performance Considerations
In this series I’ve introduced you to the performance triangle of I/O, CPU, and memory. Generally, if you have a performance issue, triage these components and you’ll find some success. I also dove deeper into what I think is the biggest performance inhibitor (especially for BI): the I/O pipe. In this article, I’m going to go a level deeper and start to make some recommendations.

Reporting Tools – WITH Templates
Someone else has done all the work for you with these cool templates. You can share templates between reporting projects and take advantage of all of the formatting and tricks that have already been created for you. If you’re building reporting applications, you’ll want to take a look at XP3 Turbo Templates – it could save you a lot of time and frustration building out excellent reporting tools. Get more information here.

Video: SelectViews SQL Server Show
(Thank you for letting people know about the show – we’ve had a great response and have heard from a lot of people that it has explained what’s going on in their systems. I appreciate all the great comments!) On the show – we’re looking at the automated SQL Server Injection that’s going around. We’ve been tracking it in our own logs here at SSWUG and I put a segment in the show to specifically show you what’s happening and how this may be getting through some of the more common filtering techniques out there. Sure, I’d love to get killer traffic on this show, but more than that, I hope you’ll take a minute and watch; I tried to show exactly why it’s getting through and what’s being done. It’s in the newsletter section of the show.

[Watch The Show]

Injection – a Bit Different – and Important Information
Something to know about these injection attacks – first, watch the show (above) — you’ll understand a bit better why you can’t successfully filter client-side by looking for specific keywords. The thing is, on these, they’re injecting the full command – they’re not playing around trying to see IF they can get into your systems. This isn’t an "add a single quote to the string and see if I get a meaningful error" type injection. This is a "pass the destructive command in, if it takes, I’m done, if it doesn’t, I move on" attack.

So, if you have a vulnerability, it’s not a matter of them muscling through it to run stuff on your systems. It’s a matter of an outright exploit getting through in one single attack that you may, or may not, have any idea is even coming. Don’t wait to get hit. We’ve had a huge number of people asking about what to do after being hit. One of the side-effects is that your site will be serving the malware – the bad programs for the bad guys.
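To make the point concrete, here is an added example (not code from the newsletter or the show) contrasting the keyword-blacklist approach the editorial says is getting bypassed with the fix that actually removes the vulnerability: binding user input as a query parameter. It uses Python’s built-in sqlite3 as a stand-in for SQL Server so it runs offline; the table, rows and the blocked-keyword list are constructed for the demo. The same `?` placeholder style works with pyodbc against SQL Server, which is the assumption behind calling this portable.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a SQL Server product catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("desk", "Drop-leaf writing desk"), ("o'brien lamp", "Brass lamp")],
    )
    return conn


def keyword_filter(value, blocked=("drop", "delete", "insert", "--", "'")):
    """Naive blacklist of the kind the editorial says is not a defence.
    Returns True when the input would be rejected. Note it rejects
    ordinary data (an apostrophe in a surname) while proving nothing
    about how the value is eventually used in SQL."""
    lowered = value.lower()
    return any(token in lowered for token in blocked)


def lookup_concat(conn, name):
    """Vulnerable pattern: user input is spliced into the SQL text, so it is
    parsed as SQL. Even benign input with a quote changes the statement."""
    sql = "SELECT description FROM products WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Hardened pattern: input is bound as a parameter and never parsed as
    SQL, so no keyword filtering is needed for correctness or safety."""
    sql = "SELECT description FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run the three comparisons and return the observations as a dict."""
    conn = make_db()
    results = {}

    # 1. The blacklist rejects a legitimate customer name.
    results["filter_rejects_legit"] = keyword_filter("o'brien lamp")

    # 2. Concatenation: the apostrophe terminates the string literal early and
    #    the rest is parsed as SQL, which here surfaces as a syntax error.
    try:
        lookup_concat(conn, "o'brien lamp")
        results["concat_error"] = None
    except sqlite3.OperationalError as exc:
        results["concat_error"] = type(exc).__name__

    # 3. Parameterised: the identical input is treated purely as data.
    results["param_result"] = lookup_param(conn, "o'brien lamp")

    # 4. Parameterised writes store keyword-looking text literally; the table
    #    is untouched and the row count simply grows by one.
    conn.execute(
        "INSERT INTO products VALUES (?, ?)",
        ("note", "DROP TABLE products -- stored as plain text"),
    )
    results["param_stored"] = conn.execute("SELECT COUNT(*) FROM products").fetchone()[0]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The takeaway matches the editorial: a filter that looks for words like `drop` or characters like `'` breaks legitimate traffic and still leaves the concatenated query vulnerable to anything the filter did not anticipate, whereas the parameterised version is safe regardless of what the input contains. Auditing for string-built SQL in your own code is the review step worth doing before, not after, the automated attack reaches you.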

Over the weekend, Redmond Magazine was hit, and if you went to go to their site, the Google toolbar could kick in and warn you that you’re going to a site that may be serving up malicious code. It can be quite a hit to your site’s reputation, traffic and overall business. Take a few minutes, talk to the powers that be and get a scanning service to look over your site, do some testing and take a moment or three to see how you’re doing. Do all you can to fix and address issues, and do it as soon as you possibly can.

Featured White Paper(s)
SQL Server 2008: What to Expect
Microsoft SQL Server 2008 has many great new features that will allow you to develop higher performing, more scalable next-ge… (read more)

Protecting Microsoft SQL Server
Although SQL Server offers options for database protection and recovery, none of them is intended to provide a complete disas… (read more)