Press "Enter" to skip to content

Category: Administration

Postgres Tuning Settings

Semab Tariq shares a few tips:

PostgreSQL is a widely used database known for its robust performance and reliability. To get the most out of PostgreSQL, tuning its parameters is crucial.

In this blog, we will explore the various PostgreSQL performance-related parameters and how to tune them effectively. By measuring Transactions Per Second (TPS) before and after tuning, and analyzing the results, we will demonstrate the significant impact of tuning on PostgreSQL performance.

Click through for some of the sorts of settings you might want to review. In Semab’s case, a simple server achieved nearly 30% better throughput after making these changes, so that’s not bad for the level of effort.

Comments closed

Certificate Expiration Dates and TDE

Mike Lynn talks Transparent Data Encryption:

Transparent Data Encryption uses certificates in its architecture for protecting your data while at rest. One attribute of a certificate is they have an expiration date. Certificates expire for a couple reasons, but the main reason is to enforce security. When a website certificate expires it forces the website owners to get a new certificate by proving they are who they say they are with a trusted third party. 

SQL Server certificates that are used for TDE also have an expiration date, but these dates are only checked when you are creating a self-signed certificate using the “CREATE CERTIFICATE” T-SQL command. If you don’t supply an expiration date when creating your certificate SQL Server will assign one that is 1 year into the future.

Read on to learn more about how it works with TDE. I will say that with encrypting backups, SQL Server does care about the expiration date when it comes to creating a new encrypted backup, but not when it comes to restoring a backup.

Comments closed

Failure Mode and Effect Analysis on Databases

Mika Sutinen thinks about how things could go wrong:

Failure Mode and Effect Analysis(FMEA) is a process of building more resilient systems, by identifying failure points in them. While it’s highly recommended to perform FMEA during the architecture design phase, it can be done at any time. More importantly, it should be reviewed periodically, and especially when the system architecture changes.

While you can do Failure Mode and Effect Analysis for whole systems, in this post, I will share an example on how to get started with FMEA for a database environment.

Read on for a description of the concept and some tips on how to perform one.

Comments closed

Copying an Azure SQL Database

Josephine Bush makes a copy:

It’s as simple as this for each db you want a copy of. Just run it from the master db. This works if you want to make a copy on the same server. If you want to make a copy from another server, you would have to connect via PowerShell.

Click through for the T-SQL syntax. I’ve used this before on some reasonably large databases and it can take a while for that copy command to finish, but if you’re feeling impatient, you can check the status of the job using sys.dm_operation_status.

Comments closed

xp_cmdshell and Security

Jeff Iannucci talks xp_cmdshell:

That most likely means the hacker in the incident gained access to SQL Server, and then used xp_cmdshell to open a Windows command shell. With that shell opened, they could then pass DOS and/or PowerShell commands to collect information and download malware onto the server.

It sounds dangerous. It is. But whether or not xp_cmdshell is enabled is irrelevant.

Exactly. This is something Sean McCown has harped upon for years, and I’ve done my best to follow. You can do bad things with xp_cmdshell, but disabling it doesn’t actually help for reasons Jeff mentions. Instead, assuming you need xp_cmdshell for some work, don’t go beyond the pre-set limitations (where a user needs sysadmin or CONTROL SERVER) and it’s fine.

Comments closed

Scaling Fabric Capacity Up and Down via E-Mail

Gilbert Quevauvilliers takes on a challenge:

I always enjoy a good challenge and I got it working! In this blog post I will use the same method where I am sending an email to scale up or scale down my Fabric Capacity.

The good news is that this works if the Capacity is paused or running (It might take a bit more time when running).

brb, sending Gilbert’s task an e-mail.

Actually, Gilbert does a good job in making sure that the sender has to be his e-mail address and not just some rando’s.

Comments closed

Managing the SQL Server Error Log

David Seis doesn’t let the error log get out of hand:

SQL Server offers a robust logging mechanism known as the SQL Server Error Log. This log plays a crucial role in troubleshooting, auditing, and ensuring the smooth operation of your SQL Server instances. You can explore the SQL server error log through SQL Server Management Studio in the management folder. There are various tools in the GUI to make navigation easier, as well as stored procedures to enable faster parsing of the data stored.

Read on for a few tips around log management.

Comments closed

OLE Automation Security

Jeff Iannucci talks about OLE Automation:

It’s rare to see OLE Automation procedures enabled on a SQL Server instance. Most folks aren’t using these specially system procedure because they didn’t have a need to use them, have a compliance requirement that prohibits using them, or they tried using them and had adverse results. As the Microsoft documentation on OLE Automation stored procedures notes:

“Don’t directly or indirectly call Automation procedures from any SQL Server common language runtime (CLR) objects. Doing so can cause SQL Server to crash unexpectedly.”

But if this setting is enabled in any of your SQL Server instances, you need to consider it similarly to the xp_cmdshell setting. By that I mean: this is probably not a problem, but you should try to figure out why the setting is enabled, and how its associated system stored procedures are being used.

I find this perfectly reasonable. There’s a lot of fear around xp_cmdshell, when in practice, it doesn’t affect security at all unless you completely mess things up and start granting rights to non-sysadmins.

Comments closed

Don’t Enable TRUSTWORTHY on SQL Server

Jeff Iannucci shares good advice:

If you have ever used our free tool to check SQL Server security, you may have seen the check for the “TRUSTWORTHY database owned by sysadmin” show up as one of the highest of priority items, requiring action. When we started reviewing the security permissions and configurations for our clients’ instances, we didn’t expect to find it very often since TRUSTWORTHY database setting is off by default.

Unfortunately, this has been discovered with some frequency, and when combined with a few other common practices, it presents a tremendous vulnerability to escalate privileges for both authorized users and hackers.

Read on to learn more about this. And to supplement, I will once again link Solomon Rutzky’s outstanding guide on the topic.

Comments closed