Uncategorized

One Possible Reason for On-The-Net SQL Servers

by Ben Taylor

Available on SSWUGtv:
A wide-ranging interview with Microsoft’s Matt Nunn about Visual Studio 2008, what it does, what he likes about it, and so much more. Also, a bit about update stats, discussion list watch and a whole lot of other great SQL Server information.

> Watch the show here

Also, don’t miss:
Watch: Handling a DBA interview. A Mock interview with questions, answers and more.
Watch: SelectViews: Interview with Kim Tripp and Paul Randal

Featured Article(s)
Tool For Identifying Unindexed Foreign Key Columns
This article presents a script for identifying foreign key constrained columns. Unindexed foreign key columns cause SQL performance problems and can cause deadlock problems.

Package Up Your Reports and Get them To Your Users!
SQL-RD saves time and money by making it easy to define single or packages of Microsoft SQL Server Reporting Services reports – schedule and run them automatically, send the reports to print, fax, disk, ftp or email in a number of standard formats. Create automated report scheduling, distribution and job automation for Microsoft SQL Server Reporting Services reports. No access required to SQL server functions – just the reports. With SQL-RD’s Event Based Schedules, you can have reports fired off when events occur, by setting schedules to run based on events rather than date. Get your free trial copy here.

Webcast Wednesday
Managing Change with SQL Server
We’ll look into a few different things to know about working with change and your SQL Server. First, we’ll look at how to document your schemas and database options. Next, we’ll look at how you can log changes, by looking into Triggers and some basic security options to have to block unauthorized change in your databases. There are a number of options you have, and we’ll provide the information you need to know when it comes to managing change to your systems.

> Register Now
> Dec 5 2007 12:00pm Noon Pacific

One Possible Reason for On-The-Net SQL Servers…
(But NO excuse…)

From a SSWUG reader:

"I work for [a hosting company], and as I read your comments, it occurred to me that a lot of these exposed databases might be the result of domains that are hosted on "shared servers." A lot of shared server hosting doesn’t allow you to RDP to your server (since you are really getting a Web site, not a whole VM or server, so there’s nothing to RDP to, at least not safely), and so you have to come up with some other way to manage things like database servers. It is certainly possible to host databases properly, putting them behind a firewall and letting people do management through a control panel, but then the control panel would be on the Internet, which is nearly as bad."

This reader did some checking and found that, indeed, their databases are behind the firewall and they provide the customer with control panels that limit access, provide security and provide a locked-down means of getting to the database.

It’s a good point though. If you’re a hosting company and haven’t invested in the software and systems to provide and secure access administratively to the databases, you’re providing way too much access.

I actually don’t think though that this was the intent of the original study and findings. My take on the claims from the original posting about 500,000 exposed SQL Server and Oracle databases on the ‘net was that they were out there, entirely, and unprotected access-wise. They may have had passwords on them, but that’s about it. I’m sure it was seeing or counting control panels (I don’t know how you’d "sniff" those out if they were simply web-based).

Long story short – just look. See how your databases are hosted and make sure you’re not one of the ones that is hanging out in the wind.

Featured White Paper(s)
SQL Server 2005 – Major New Features
This white paper highlights the new features of SQL Server 2005, including the user interface and the architecture changes, a… (read more)

Microsoft T-SQL Performance Tuning Part 1: Analyzing and Optimizing T-SQL Query Performance on Microsoft SQL Server using SET and DBCC
This white paper, authored by SQL Server expert Kevin Kline, discusses the basics of indexes, such as density and selectivity… (read more)

ESG Lab Validation Report of the HP PolyServe Database Utility for SQL Server
ESG Lab, the testing facility of industry analyst firm Enterprise Strategy Group, reports its comprehensive testing of HP’s s… (read more)

A Network Engineer’s Guide to Troubleshooting User Satisfaction Problems with SAP Applications
Is It the Application or the Network? If you’re a network engineer in an organization that runs SAP, you’re probably famil… (read more)

Author: Ben TaylorBen is a Relational Database veteran starting in the early eighties on DEC Vax database systems such as Bloom and Harvest. He has specialized in SQL engines for more than two decades, with a primary focus on Microsoft SQL Server. Ben has worked with small and large databases for both OLAP and OLTP working on systems for many industries such as Medical (Medical Claims and Eligibility Warehouse, HMO Provider Management, Enrollment), Financial (credit card processing, mortgage, stock portfolio management), Manufacturing (Assembly Line and Product Assemblies), Sales, Auto Auctions and more.