Category: Security

Cannot Open Backup Device with SQL Managed Instance and SAS Token

Sam Garth troubleshoots an issue:

On a recent case, a customer was trying to restore a database from a storage account using a SAS token when they received the below error.

An exception occurred while executing a Transact-SQL statement or batch.
(Microsoft.SqlServer.ConnectionInfo)

Additional information:
Cannot open backup device
https://storage.blob.core.windows.net/container/dbbackup_2024_03_21_121901.bak
Operating system error 86(The specified network password is not correct.).
RESTORE HEADERONLY is terminating abnormally. (Microsoft SQL Server, Error: 3201)

Read on for the troubleshooting steps Sam followed to solve the problem.

sp_CheckSecurity

Jeff Iannucci announces a new tool:

Maybe you have some scripts you found on the internet to check some SQL Server security settings or look for odd permissions. Or maybe you don’t. Well, sp_CheckSecurity checks about 40 different objects, configurations, and permissions for possible issues. You can read more details about it on the sp_CheckSecurity page.

I’m glad to see a new tool in the security space. Chris Bell used to have sp_woxcompliant when he was still consulting, but that’s lost to history now (though I do have a copy on my PC, as one does). You can run CIS checks in dbachecks and Chrissy LeMaire has a PowerShell module for DISA STIG auditing, but I’m not sure how easy that is for a DBA or consultant to use.

H/T Jeff Iannucci, who gave me the friendly reminder to add the blog.

Using PowerShell to Set the SQL Server Port Static

Vlad Drumea doesn’t want a dynamic port number:

This post demos a script that I’ve put together to automate the configuration of the static TCP port for a SQL Server instance using PowerShell.

The script is derived from another PowerShell script that I’ve written to help spin up SQL Server test instances in my home lab.

This should be helpful if you’re working in a restrictive environment where you can’t install additional PowerShell modules, and you couldn’t take advantage of dbatools’ Set-DbaTcpPort.

Click through for the script, but also use dbatools whenever you can because it’s a good product and I haven’t done any unpaid shilling for them in far too long.

Enhanced Patching for SQL Server on Azure VMs

Taryn Pratt has an update:

We are pleased to announce the GA release of enhanced patching capabilities for SQL Server on Azure VMs using Azure Update Manager. When you register your SQL Server on Azure VM with the SQL IaaS Agent extension, you unlock a number of feature benefits, including patch management at scale with Azure Update Manager.

Read on to see what this does, how you can set it up, and how you can migrate from the SQL Server IaaS agent extension’s automated patching service.

sqlcmd and Self-Signed Certificates

Vlad Drumea is a trusting fellow:

This post covers a few ways to fix the SSL certificate error 1416F086 returned by sqlcmd on Linux when connecting to SQL Server.

If you’re looking for ways to fix the Windows equivalent of this error when using dbatools, check out this blog post.

It’s interesting how much controversy we’re seeing around tools like sqlcmd and (especially) SQL Server Management Studio defaulting to mandatory encryption. Having signed and valid certificates is a critical part of validating that this SQL Server is actually the one you think it is, and no intermediary attacker has swapped the certificate out with a phony one that allows the attacker to spy on your interactions.

I can understand people who are just messing around with SQL Server locally experiencing pain on this, but the sheer number of actual companies—including companies using Central Management Servers, which implies having multiple SQL Server instances—with garbage-tier self-signed certificates is discouragingly high.

By the way, I’m aiming none of my rant at Vlad or this post. It’s just top-of-mind and this was as good a vehicle for rant delivery as I could find.

Roles and Privileges in PostgreSQL

Muhammad Ali explains quite a few of the security terms in PostgreSQL:

PostgreSQL has a fine-grained system for managing user roles and privileges. This helps admins decide who can access certain data and what they’re allowed to do with it. It’s about managing permissions, where you can create different roles and roles can be a member of other roles.

In this blog, we will dive into PostgreSQL user roles and permissions, covering databases, schemas, and other objects level privileges, following a FAQ format.

Most of this is similar to security in SQL Server, though there are some differences to watch out for.

Row-Level Security in Postgres

Craig Kerstiens implements row-level security:

Row-level security (RLS) in Postgres is a feature that allows you to control which rows a user is allowed to access in a particular table. It enables you to define security policies at the row level based on certain conditions, such as user roles or specific attributes in the data. Most commonly this is used to limit access based on the database user connecting, but it can also be handy to ensure data safety for multi-tenant applications.

Read on to see how you can implement it. It’s pretty similar to the way we do it in SQL Server, though SQL Server has a few parts of policy evaluation that are more explicit versus putting the execution function code itself in a USING clause.

Maintaining Dynamic IP Rules for Azure Network Security Groups

Daniel Hutmacher shares a couple scripts:

Recently, my home ISP has started changing my public IP address. This causes me some headache because I have a couple of Azure Network Security Group rules (think of them as firewall rules) that specifically allow my home IP access to all of my Azure resources. When my home IP changes, those rules have to be updated accordingly.

So I made a PowerShell-based solution to automatically maintain them.

Read on for the process.
