Welcome to Database Weekly

Microsoft Internet Explorer Local File Disclosure Vulnerabilities Two vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information. 1) An error in URLMON when handling redirections can be exploited to bypass domain restrictions and disclose the content of arbitrary local files. read more... In wake of hack, Google negotiating cooperation with the NSA In January, Google went public with news that some of its systems had been hacked, along with those of a number of US-based companies. The attacks had targeted both accounts maintained by political activists and commercial code, and Google pointed the finger straight at China, vowing to change its entire approach to business in that country. But a report now suggests that the company is also looking to beef up its internal defenses to prevent a repeat of the attacks. read more... Microsoft warns of IE flaw, turns PC into public file server Microsoft has issued Security Advisory (980088) to address a publicly disclosed vulnerability in Internet Explorer that may allow information disclosure for Windows XP users or for users who have disabled Internet Explorer Protected Mode. The advisory explains that content can be forced to render incorrectly from local files in such a way that information can be exposed to malicious websites. read more... Getting over the barriers to wiki adoption As I continue to research and write my upcoming book on wikis, I keep hearing one word over and over again. That word is "BUT" (complete with all-caps), as in, "I would like to use a wiki, BUT…" or "We tried using a wiki, BUT… read more... Microsoft probes Windows 7 laptop battery problems Laptop users claim the new Windows 7 OS has permanently crippled their batteries read more... Apple patches critical flaws in iPhone, iPod Touch Apple today patched five vulnerabilities in the iPhone's operating system, including one in a password-locking feature that's required attention before. read more... We Don't Need no Stinkin' Innovation Artima is a running bunch of message threads on subjects generally related to coding; occasionally databases directly, but not so much recently. There is a current thread, started by Bruce Eckel, discussing the proposition that software development has stalled. The thread then mixed in ideas of innovation and concurrent machines. Well, this was too much to ignore. read more... ROWCOUNT when setting variables At work last week the question was raised about what @@ROWCOUNT value was returned when you set variables in a SELECT statement. One of the most common problems you come across reviewing code as a DBA is the setting (or not) of a variable to something that the developer wasn’t expecting! read more... Finding Stuff in SQL Server Database DDL You'd have thought that nothing would be easier than using SQL Server Management Studio (SSMS) for searching through the DDL for the names and definitions of the structural metadata of your databases, for the occurrence of a particular string of letters. Not so easy, it turns out, though Phil Factor is able to come up with various methods for various purposes. read more... Identities and Transactions I talked a little recently in a blog about gaps in identity values. They can occur when you delete rows, and the identity process doesn’t “fill in” those gaps or otherwise manage the values to maintain a continuous sequence. Something similar happens with transactions, and it’s a behavior you might not expect. read more... DBCC CHECKDB() on ResourceDB? I’m using Ola Hallengren’s backup and maintenance scripts to do my integrity checks, but you can’t run DBCC CHECKDB() against ResourceDB, can you? Well, just to verify I tried it and got this message... read more... Knowing how to use ATTRIB ATTRIB is one of those commands back from the days of DOS which most folks don't even realize it's there. The purpose of the command, as its name implies, is to manage the attributes of files and folders. read more... SQLSaturday & PASS – More Details Yesterday I posted the news that SQLSaturday is now owned by PASS, today I’d like to share a bit of the history behind SQLSaturday and why we thought it made sense for it to transition to PASS. read more... SQLSaturday #42 Announced! Dave Schutz will be leading the first ever SQLSaturday in Columbus, OH on June 5, 2010 at the Fawcett Center in Columbus. Registration and call for speakers is now open. read more... I think it’s a hole I was trying to help someone that had removed the BUILTIN/Administrators logins from their instance without first setting up another user/group as sysadmin. Actually...I was telling them that finding the media would be a good move to prepare for the reinstallation. Then someone posted a note that if you start SQL Server in single user mode, then you can connect with the administrator account and get sysadmin access. read more... Simple Query tuning with STATISTICS IO and Execution plans A great deal can be gleaned from the use of the STATISTICS IO and the execution plan, when you are checking that a query is performing properly. Josef Richberg, the current holder of the 'Exceptional DBA' award, explains how an apparently draconian IT policy turns out to be a useful ways of ensuring that Stored Procedures are carefully checked for performance before they are released read more... Writing Efficient SQL: Set-Based Speed Phreakery Phil Factor's SQL Speed Phreak challenge is an event where coders battle to produce the fastest code to solve a common reporting problem on large data sets. It isn't that easy on the spectators, since the programmers don't score extra points for commenting their code. Mercifully, Kathi is on hand to explain some of the TSQL coding secrets that go to producing blistering performance read more... Creating and using a Time (not Date) Table/Dimension Recently, the need came up to do groupings of data on the hour of the day, for call center tracking. When I heard the person who would be doing the coding start to say something about using datepart and such, I said, "I know a better way". If you can calculate the number of minutes past midnight, then I could do the rest with relative ease, much like their current experience with the date dimension. read more... When bad error messages happen to good people Over the years I have largely been amused by the variance in error messages that come out of SQL Server. Some are very verbose and some even border on provide too much information, but the ones that irk me are the ones that leave you scratching your head. I wanted to point out a few of these, and ask if you have any misleading or unhelpful error messages that you see a lot? read more... Avoiding calculated column in DAX A calculated column is a DAX expression which is evaluated when the PowerPivot workbook is updated. It is very useful, but there are cases where you want to delay calculation at query time. read more...