
SQL Server Database Engine

Could SQL Injection be dangerous even when perfectly safe?

SQL Injection is something I would expect any reader of my blog to be familiar with. Despite being one of the oldest database attack methods, it has persisted for decades on the OWASP Top Ten list of critical security risks to web applications.

In fact, instead of dying out, it only seems to be getting more clever and even automated, with “hacker bots” scouring the web and automatically probing for injection vulnerabilities to exploit. I know, as I’ve been a victim of such attacks in the past.

But today I’m not actually going to talk about that. Today, I’m going to ask the question: When is SQL Injection dangerous, even if it’s perfectly safe?


It is 10 PM, do you know where your pages are?

Back in April 2020, I created an open-source project called “SQL Server Page Allocation Reports”. It consisted of a set of SQL queries and some Power BI reports that can be used for visualizing the size and locations of your data and transaction log pages.

Well, recently I also added SSMS Custom Reports into the mix. So, it’s time to revisit this project and see what’s new!


Keep Your MSDB Clean

As part of its regular, ongoing, day-to-day activities, your SQL Server instance would naturally collect historical data about its automated operations. If left unchecked, this historical data could pile up, leading to wasted storage space, performance hits, and even worse issues.

MSDB would obviously be collecting data about the SQL Agent job executions. But there are also several other types of historical data that need to be cleaned up once in a while. I hope to cover all bases and leave no historical data un-cleaned.


Monitoring SQL Server Version Updates using SentryOne

Following the recent acquisition of SentryOne by SolarWinds, I’ve decided to write a few special blog posts dedicated to our favorite SQL Server monitoring platform.

Click here if you missed my previous post: Common issues during SentryOne version upgrades.

As part of the managed DBA service that Madeira data solutions provides, we make extensive use of the SentryOne monitoring and alerting platform. As such, we’ve gathered significant experience in using, managing, and maintaining the platform.

This also includes utilizing the platform to do all kinds of “unorthodox” monitoring, which is not available “out-of-the-box”.


SQL Vulnerability Assessment Tool Reference List – Updated!

Way back on January 16, 2020, I published a blog post containing a reference list for the many rules checked by the SQL Vulnerability Assessment Tool. The next month, I created a separate, dedicated page for the reference list so that it’d be easier to find and maintain. Today I learned that a few months later, around the beginning of May, Microsoft themselves also published such a reference list on the Microsoft Docs page.


Access Violation error when querying from a system table function with parallelism

Following an incident at a customer’s production environment, Nathan Lifshes and I realized that we had stumbled upon an as-yet-unknown bug in SQL Server, causing an access violation error, memory dumps, dropped connections, and even cluster fail-overs.


T-SQL Tuesday #131 – Star Trek Candy and SWITCH TO

This month’s #tsql2sday came to us from Rob Volk, who asks us to explain databases using an analogy, as if explaining to a 5-year-old. I’m actually a big fan of The Feynman Technique (aka ELI5), so I really wanted to participate. But to be honest, I nearly missed out this time simply because I couldn’t think of an idea this whole week.

On the very last day, when posts from all the bloggers had already started rolling out, I read a few, and only then did the muse finally hit me. I kid you not, the time is literally 23:59 here in Israel as I hit the publish button!

So anyways, the idea I had was for the ALTER TABLE..SWITCH TO command in SQL Server.


Feature Request – Expand MSX/TSX Capabilities for HADR

Following my presentation of “How to HADR Your SQL Server Jobs” at the HA/DR PASS Virtual Group yesterday, David Klee (@kleegeek) and I continued chatting for a bit longer after the recording was concluded. During that chat, the MSX/TSX feature of SQL Server came up, and David suggested that I utilize my newly earned MVP status to push a feature request to expand these capabilities.
