In this post, I will introduce you to a special T-SQL script that you can use for detecting potential SQL injection attacks in your database, as well as application-level bugs that you didn’t necessarily know you had.
Read More » Detect Application Bugs and Vulnerabilities You Didn’t Even Know About
SQL Injection is something I would expect any reader of my blog to be familiar with. Despite being one of the oldest database attack methods, it has persisted for decades on the OWASP Top Ten list of critical security risks to web applications.
In fact, instead of dying out, it only seems to be getting more clever and even automated, with “hacker bots” scouring the web and automatically probing for injection vulnerabilities to exploit. I know, as I was once a victim of such attacks in the past.
But today I’m not actually going to talk about that. Today, I’m going to ask the question: When is SQL Injection dangerous, even if it’s perfectly safe?
Read More » Could SQL Injection be dangerous even when perfectly safe?
As a spiritual “part 4” in my ongoing series of webinars titled “CI and CD with SSDT”, I will be delivering an entirely new session called “Troubleshooting Build and Deployment of SSDT Projects for SQL Server DevOps” (or “Troubleshooting Common SSDT Errors” for short).
Read More » New Upcoming Session – Troubleshooting Common SSDT Errors
This month’s T-SQL Tuesday is hosted by Deb the DBA (b|t), who invites us to give a long rant about a question that a coworker could be asking us, without knowing what they’ve just gotten themselves into by doing that.
Well… I’ve got just the thing 🤭
Read More » T-SQL Tuesday #152 – Which version of my database was deployed? It depends!
Following the rise in popularity of DevOps for Databases, many interesting questions are being asked on the topic.
One of these questions is: Should your SQL Database project be in the same source control repository and solution as the App code project? Or maybe they should be in the same repository but separate solutions? Or maybe they should be in completely separate repositories?
Read More » Should the Database and Application projects be in the same Repository?
Who doesn’t like Filtered Indexes, am I right? They’re pretty great, honestly. If… of course… you’re able to actually create them and utilize them in your specific use cases. That… unfortunately, could often become a complicated, if near impossible, task. So, what if our use case is not trivial enough to allow for filtered indexes?
Read More » Filtered Indexes with TRY_CONVERT, ISNUMERIC, and other complex expressions
“Extended properties allow you to add custom properties to database objects”, so says the official Microsoft documentation. However, very few DBAs make use of them, if at all. This is actually a good thing, because indeed the scenarios in which this feature could be useful are relatively few and rare.
On the other hand, I also see DBAs essentially jumping through hoops to implement something, which could in fact very easily be implemented using Extended Properties.
What are these peculiar use cases? Let’s look at a few examples.
Read More » Finding a use for Extended Properties in SQL Server
Do you find yourself facing performance problems and long lock chains caused by very frequent INSERT, UPDATE, or DELETE statements being executed on a table? Check out this neat trick that could help you out and make all the difference in the world.
Read More » The Asynchronous Ledger Trick for Fast SQL Server Insert, Update and Delete Processes
In one of my previous posts, Fun with DATETIME Arithmetics, I introduced a way to use “math” to manipulate datetime values for effectively generating, calculating, and displaying intervals (i.e. difference between two datetime values). These mostly work with the addition and subtraction operators (+, -).
In one of the paragraphs, I mentioned multiplication and division, and posed the question about why anyone would ever need to do this.
Read More » Even more fun with DATETIME arithmetics!
This month’s #tsql2sday is hosted by @AndyLeonard, who asks us to write about “software changes”. Well, I think it’s time to be changing sp_help_revlogin. What do you think?