A Fine Slice Of SQL Server
Patrick Gruenauer asks, what’s in a name?:
Active Directory users log on with their logon names and password. But what are the rules for assigning usernames? g.surname? surname? gsurname? What are the naming conventions? This article looks for and modifies users who do not meet the naming convention.
Read on to see how it works.
Leave a CommentAditya Jain announces a preview:
Azure Key Vault support in Fabric Data connections is now in preview! With this capability, we are introducing a new concept called ‘Azure Key Vault references’ in Microsoft Fabric, using which, users can reuse their existing Azure key vault secrets for authentication to data source connections instead of copy-pasting passwords, slashing credential-management effort and audit risk.
Click through to see what works so far and the current limitations.
Leave a CommentAndy Leonard doesn’t need to ask for permission:
The problem we are trying to solve is: Grant an Azure Data Factory permission to execute the ReST API method calls against artifacts in a Fabric workspace.
I begin visiting the Azure Portal. If you don’t have an Azure account, you can create one. You can do a lot of things in Azure for little money, but you need an account and that account needs to be secured by a working source of funds in case you leave a virtual machine running for days. Hypothetically. BE CAREFUL. DO NOT LEAVE A VM RUNNING FOR DAYS.
Good en passant advice. I once blew through a $250 Azure credit by laving an HDInsight cluster on for, uh, a few hours.
Leave a CommentRick Dobson publishes a book of guaranteed random numbers, like 41 and 8:
Microsoft provides T-SQL developers with three functions (rand, newid, and crypt_gen_random) for generating random numbers. Each of these functions is effective at returning random values, but feature sets associated with each function make them best suited to different use cases. This tip’s Solution section presents an overview of common use cases for random numbers in SQL Server along with references to learn more about random numbers in SQL Server. The first substantive provides a short comparative overview of the three functions. The remaining tip sections present and describe T-SQL examples for evaluating the randomness of values returned by SQL Server pseudorandom number generators.
Knowing that SQL Server doesn’t have some nice entropy engine (which does exist, typically as an embedded device that plugs in to a USB port) to pull from, it does a pretty good job of things.
Leave a CommentRob Sewell does a bit of testing:
A contained user can create a Windows login as its own account, although as it cannot grant connect permissions it is then is unable to connect at all.
So if your vendor application is running as a contained user and during an upgrade it tries to create a login for itself, it will succeed in the creation but then be unable to connect to the SQL Server instance and the upgrade will fail.
Click through for the context and the proof.
Leave a CommentArun Sirpal doesn’t want to generate a SAS token:
I do believe most people know about the ability to backup your SQL server databases to URL (from Azure VMs). If you recall you would use the storage key ( ideally not) or a SAS token, from there you would create a SQL credential that is bound to the SAS token (as a secret). Lots of moving parts especially when it comes to rotation time. So now, if you are on the newer versions of SQL server (SQL Server 2022 Cumulative Update 17 ) start thinking about backups via managed identities.
Click through to learn how and why.
Leave a CommentVamshidhar Morusu writes on vulnerabilities:
Although open-source Java libraries are essential for contemporary software development, they frequently introduce serious security flaws that put systems at risk. The risks are highlighted by recent examples:
- Deep Java Library (CVE-2025-0851): Attackers can write files outside of designated directories due to a path traversal vulnerability in DJL’s archive extraction tools. Versions 0.1.0 through 0.31.0 are affected by this vulnerability, which may result in data corruption or illegal system access. Version 0.31.1 has a patch for it.
- CVE-2022-42003, Jackson Library: Unsafe serialization/deserialization configurations in the well-known JSON parser cause a high-severity problem (CVSS 7.5) that could result in denial-of-service attacks.
These illustrations highlight how crucial it is for open-source libraries to have careful dependency management, frequent updates, and security audits. Companies should enforce stringent validation and use automated vulnerability scanning tools.
Click through for a more detailed view of a third CVE, as well as tips to protect your data.
Leave a CommentStefan Miklosovic walks us through a new feature in Apache Cassandra:
Here’s the problem: while users have always had the ability to create whatever password they wanted in Cassandra–from straightforward to incredibly complex and everything in between–this ultimately created a noticeable security vulnerability.
While organizations might have internal processes for generating secure passwords that adhere to their own security policies, Cassandra itself did not have the means to enforce these standards. To make the security vulnerability worse, if a password initially met internal security guidelines, users could later downgrade their password to a less secure option simply by using “ALTER ROLE” statements.
Read on to see how CEP-24 helps with this. It looks like CEP-24 will be released in Apache Cassandra 5.1.
Leave a CommentChad Callihan fixes a mismatch:
Just as you can’t judge a book by its cover, you can’t judge a SQL Server login by its name.
With availability groups, you may notice a login on a primary replica and a “matching” login on the secondary replica. But just because the login is named the same on each replica doesn’t mean they’re the same to SQL Server.
Click through for the explanation and how you can fix it. The other way to fix it is to use Active Directory (or Entra ID) logins, though that’s not always in the cards.
Leave a CommentRebecca Lewis runs into a permissions error:
I received an email from a customer yesterday regarding their Replication, which began failing with this error after Windows updates were applied:
Message Replication-Replication Transaction-Log Reader Subsystem: agent servername-xxx2 failed. Executed as user: domainname\svcaccount. A required privilege is not held by the client. The step failed.
Slightly dummied, but the important content is in red. What does that mean? ‘A required privilege is not held by the client’… he didn’t change anything, I didn’t change anything – why is Replication suddenly failing with permissions problems?
Click through for the answer.
Comments closed