Getting Up To Speed with SQL Server
– Register: SQL Server Admin Expo – Feb 26 – Free event – 3 sessions by excellent speakers, about SQL Server administration
– Register: Spring 2010 SSWUG.ORG Virtual Conference – SQL Server, Business Intelligence, SharePoint – 75 sessions, 20 speakers…
– Register: DBA School – (50% sold-out already) 15 ppl max – Apr 19, 20, 21 – In-Person class that focuses on the things you really need to know – and shows/teaches how to apply it.
Featured Article(s)
Undocumented SQL Server 2008 Cursor Stored Procedures
In this article, Alexander Chigrik looks at five undocumented cursor stored procedures that shipped with SQL Server 2008.
Webcast Today:
High Availability Through SQL Server
With failover clustering, data mirroring, peer-to-peer replication, and log shipping available there is an option or two for every scenario. While each technology has a place in the world, they aren’t interchangeable and provide the greatest benefit when applied to the proper solution. A walkthrough of each of these technologies and where they fit in your environment.
Presented by: Jason Strate
> Register Now
> Live date: 2/24/2010 at 12:00 Pacific
Accidental DBA Tip of the Week
As you’re considering where to turn next on your work with SQL Server – where can you look for some great benefit to your servers without having to work on them full-time – here’s this week’s tip:
Talk with your developers about their applications. Work on security for those applications.
Beyond injection-related issues, take a look at the user names and passwords used by your applications to access SQL Server. When did you last check the applications to see how they come in to SQL Server, and how you have those access points protected on your server? It’s time to review them. Several items to consider:
– Check user names, passwords
Make sure the user names and passwords are complex user names and passwords – not just "joe" and "joe." Make sure the user names and passwords are not the same as the developers use to login to your networks. The last thing you need is for a user name and password to unexpectedly stop working when a developer leaves your company or their password expires. Create user names and passwords specific to the application and assign specific and limited rights to that account so that it sees what it needs to see, and only that information.
– Check password policies
Make sure you have your system set to expire passwords on a regular (30/60 or 90-day) basis. This will add a helpful layer of security to the accounts associated with your developers and others on your systems. While this may not be specific to SQL Server, by using integrated security and having the right policies in place, you can add some great security controls to your system.
– Check to see what your users have access to
When was the last time you looked through what databases and information your developers could access? Check it on your system, and make sure your production systems are locked down tight. Rarely should a developer have full access to a production system and certainly not without distinct access rights for their account vs. their development work.
In short, understand how people are accessing your systems, make sure they have access to what they need, but not more.