SQL Server Magazine UPDATE—brought to you by SQL Server Magazine
THIS ISSUE SPONSORED BY
FREE SQL Tool from NetIQ
SQL Server Magazine - No Risk Offer!
24 X 7 AVAILABILITY WEB SEMINAR
(below SQL SERVER NEWS AND VIEWS)
SPONSOR: FREE SQL TOOL FROM NETIQ
Need to know what's going on in your database environment? Quickly and accurately identify and investigate specific SQL Server problems with NetIQ's diagnostic dashboard, SQLcheck. This FREE tool organizes and explains critical information about your database server hardware, its operating system and SQL Server. Get the information you need for efficient database management today. Download SQLcheck now!
May 16, 2002—In this issue:
- Staying Ahead in the Security Game
2. SQL SERVER NEWS AND VIEWS
- Results of Previous Instant Poll: Beta Program Participation
- New Instant Poll: How You Troubleshoot
- Immediate Access to T-SQL Solutions!
- Are You Wasting Time Searching for SQL Server Answers?
4. HOT RELEASES (ADVERTISEMENTS)
- Data Quality and the Bottom Line
- Rich, Interactive Web-based Reporting!
- What's New in SQL Server Magazine: Query Analyzer Shortcuts
- Hot Thread: Failed Login
- Tip: Recompilation and Coding Owner Prefixes
6. NEW AND IMPROVED
- Simplify SQL Server Tasks
7. CONTACT US
- See this section for a list of ways to contact us.
(contributed by Brian Moran, news editor, [email protected])
Have you applied the latest SQL Server security patch? And how can you stay on top of all the security fixes coming down the pike from Microsoft and other sources? Security is an important topic in IT regardless of which technologies you specialize in, and lately I've been thinking about SQL Server security quite a bit. I'm planning to weave security discussions into my SQL Server UPDATE commentary during the next several weeks. But this week, I tell you about the most recent security patch from Microsoft, available online at the following URL, and one way you can stay abreast of Microsoft security patches. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/mS02-020.asp
The patch in Microsoft Security Bulletin MS02-020 (SQL Extended Procedure Functions Contain Unchecked Buffers) addresses an unchecked buffer security vulnerability that could let an intruder either crash your SQL Server or—even worse—run code of the attacker's choice. Neither option is particularly pleasant, and Microsoft's understated recommendation is to "apply the patch immediately to affected systems."The security bulletin provides instructions for applying the patch. Before you download the patch, you need to install SQL Server 2000 Service Pack 2 (SP2) or SQL Server 7.0 SP4. You'll find more details about the specific nature of the vulnerability in the Microsoft article "FIX: SQL Extended Procedure Functions Contain Unchecked Buffers".
Staying up-to-date with the latest security bulletins can be difficult, but that's the way to find a particular vulnerability before intruders do. To stay current, subscribe to the Microsoft HotFix & Security Bulletin Service at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp.
Trying to keep the intruders out without keeping on top of the latest security announcements is like playing video games against a Microsoft Xbox master who knows the secret codes that you don't know. The odds aren't fair, and you'll probably end up dead. The HotFix & Security Bulletin Service will ensure that you have the latest security information from Microsoft. Computer systems will always have undetected security vulnerabilities, and we'll always have intruders. It's the nature of the game. The trick is to be vigilant and proactive in your approach to security management.
SPONSOR: SQL SERVER MAGAZINE - NO RISK OFFER!
Hands-on, how-to articles covering Database Modeling, ADO.NET, XML, Performance Tuning, Security and all of the issues database developers and administrations need to know to manage SQL Server. Subscribe to SQL Server Magazine with this NO RISK offer and, if for any reason, you are not satisfied with your first issue, just write cancel on the invoice and return it to us. Keep the first issue with our compliments - no questions asked. Subscribe today at:
2. SQL SERVER NEWS AND VIEWS
The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "Has your company participated in Microsoft SQL Server beta programs?" Here are the results (+/- 1 percent) from the 192 votes:
- 15% Yes, several times
- 11% Yes, but only once or twice
- 39% No, but we'd like to
- 35% No, we're not interested
The next Instant Poll question is, "What's the first resource you turn to for troubleshooting SQL Server problems?" Go to the SQL Server Magazine Web site and submit your vote for 1) SQL Server discussion forums, 2) Microsoft online resources (TechNet, Knowledge Base, or Books Online), 3) Other SQL Server professionals you know, 4) Microsoft phone-based support, or 5) Other.
SPONSOR: 24 X 7 AVAILABILITY WEB SEMINAR
Need 24 x 7 Availability?
High-availability networks, systems, and applications are critical to every business. Sign up for our (free!) Webinar taking place on May 14 (sponsored by MKS), and find out how to achieve 24 x 7 availability on Windows 2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load balancing, monitoring, and more. Register today!
Exclusive in-depth articles, tips, tricks, and code samples all at your fingertips. Content you can't get anywhere else—brought to you by the SQL Server experts you trust such as Kalen Delaney, Itzik Ben-Gan, and others. Increase your productivity today! Go to the following URL.
The SQL Server Magazine Master CD gives you realtime, high-speed access to all the articles, code, and expertise from every issue of SQL Server Magazine ever published. Unique search features let you find what you need fast. Order your copy today!
4. HOT RELEASES (ADVERTISEMENTS)
Companies that treat their data as a strategic asset and invest in its quality are pulling ahead in terms of reputation and profitability. Click here to download the TDWI study to learn more compliments of DataFlux.
IntelliVIEW is an elegant, XML-based Reporting Solution to query, view and publish SQL Server data. IntelliVIEW is lightweight and scalable and with its incredible price-performance, offers an ROI 180% greater than our nearest competitor (Crystal Reports/Brio/BO etc.) Download the free IntelliVIEW client now!
As a SQL Server DBA, you probably use Query Analyzer every day to analyze SQL statements. In his article "Query Analyzer Shortcuts," SQL Server Magazine Senior Technical Editor Michael Otey shows you how to speed the process by using seven keyboard shortcuts that make Query Analyzer a more effective and productive tool. The article appears in the May 2002 issue of SQL Server Magazine and is available online at the following URL:
Member js is having trouble executing a SQL Server job because his login failed even though he has the appropriate permissions. Offer your advice and read other users' suggestions on the SQL Server Magazine forums at the following URL:
(contributed by the Microsoft SQL Server development team)
Q. In the June 2001 issue of SQL Server Magazine, you mentioned that to avoid recompilations, thereby improving performance, you can "try coding the object owner for referenced tables, views, and procedures inside your stored procedures" when submitting a query (e.g., select col1 from dbo.table1). Does SQL Server recompile if two tables with the same name exist in the database (e.g., dbo.table1, fred.table1)? Further, does SQL Server recompile the stored procedure if only dbo.table1 exists in the database.
A. SQL Server recompiles a stored procedure or a cached query plan even if only one table1 exists, because through the recompilation process, SQL Server checks the catalog for the appropriate object that the connection context issuing the query should use. When you don't qualify the owner name, SQL Server enters the compile code and acquires a COMPILE lock on the procedure. SQL Server eventually determines that a new plan isn't required, so at that point, SQL Server doesn't recompile the plan. However, when SQL Server takes the extra step of acquiring a COMPILE lock on the procedure, in situations of heavy load, blocking can occur. For more details about blocking contention, see the Microsoft article "INF: SQL Blocking Due to COMPILE Locks" ( http://support.microsoft.com/default.aspx?scid=kb;en-us;q263889).
Qualifying the table or view and the columns you use is also good practice. Qualifying those entities ensures that the query will continue to work as you expect—even if the underlying tables are altered—because the code explicitly names the tables that hold the columns you need. Otherwise, adding mycol1 to Table2 would cause a namespace clash and break the query. The following code snippet qualifies a table and columns:
SELECT a.mycol1, b.othercol1 FROM dbo.Table1 AS a INNER JOIN dbo.Table2 AS b ON a.myid=b.otherid
Send your technical questions to [email protected]
6. NEW AND IMPROVED
(contributed by Carolyn Mascarenas, [email protected])
Red Diamond Software announced DBA Toolkit 2.0, a collection of tools that make routine SQL Server tasks easy for DBAs. The product includes features such as JobStyles, which lets you define backup procedures; JobScheduler, which provides a graphical calendar view of job schedules; and DataScripter, which creates SQL insert statements from your data. The ScriptLibrary feature lets you organize existing scripts and store procedures in user-defined categories. For pricing, contact Red Diamond Software at 303-229-5258.
7. CONTACT US
Here's how to reach us with your comments and questions:
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR SQL Server Magazine UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR SQL Server Magazine UPDATE?
More than 102,000 people read SQL Server Magazine UPDATE every week. Shouldn't they read your marketing message, too? To advertise in SQL Server Magazine UPDATE,contact Beatrice Stonebanks at [email protected] or 800-719-8718.
SQL Server Magazine UPDATE is brought to you by SQL Server Magazine,the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.