SQL Server Magazine UPDATE—brought to you by SQL Server Magazine and SQL Server Magazine Connections
THIS ISSUE SPONSORED BY
Fast Track to SQL Server Reporting Services
*Step-by-Step Guide*
(below COMMENTARY)
Free SSMU Online Training Orientation
(below NEWS AND VIEWS)
SPONSOR: FAST TRACK TO SQL SERVER REPORTING SERVICES
Aspirity's Fast Track to Reporting Services will provide customers with the skills and experience to build successful, cost-effective reporting solutions based on Microsoft SQL Server Reporting Services. The Fast Track program consists of three options: intensive training, hands-on consulting, or a comprehensive package combining the two. For customers who desire intensive instructor-led training, Aspirity provides two days of hands-on instruction that covers the full range of product features and real-world applications. For additional information on Aspirity's Fast Track to SQL Server Reporting Services, please contact Debbie Mullins, 1-800-848-6527, [email protected].
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0BBgv0AQ
EDITOR'S NOTE
SQL Server Magazine UPDATE needs your input! Please take a few minutes to answer our online survey about how you use the newsletter and the Web site and whether you want to receive the newsletter in HTML format. We appreciate your time, and we'll register respondents for a chance to win one of 10 SQL Server Magazine baseball hats. We look forward to reading your comments. To answer the survey, click here.
July 31, 2003—In this issue:
1. COMMENTARY
- New Features in SP3a
2. SQL SERVER NEWS AND VIEWS
- Multiple Vulnerabilities Found in SQL Server
- Download Notification Services SP1
- Results of Previous Instant Poll: Downtime Tolerance
- New Instant Poll: DTS Expertise
3. ANNOUNCEMENTS
- SSMU Announces Performance Tuning Mini-Series
- Check Out the Database Performance Portal Today
4. RESOURCES
- What's New in SQL Server Magazine: Protecting Your Payload
- Hot Thread: Hanging Database in Enterprise Manager
- Tip: Registering the Same Instance Multiple Times
5. HOT RELEASES (ADVERTISEMENTS)
- OmniReplicator Accelerates Data Integration
- Free White Paper on Continuous Data Auditing
- Kick Start Your BI Initiative
- SQL Server Magazine Connections: 4-for-1 Offer
6. NEW AND IMPROVED
- Access XML for Analysis Web Services
- Understand a SQL Server Upgrade Project
7. CONTACT US
See this section for a list of ways to contact us.
1. COMMENTARY
NEW FEATURES IN SP3a
(contributed by Brian Moran, news editor, [email protected])
All SQL Server 2000 customers should have upgraded their production systems to Service Pack 3 (SP3) by now for protection against the Slammer worm and other security vulnerabilities. But Microsoft recently released SP3a without much fanfare. What does SP3a address and who needs to upgrade to it? Microsoft's original Web page describing SP3a didn't specify what new features the service pack included or whether you needed to apply SP3a if you were already using SP3. However, Microsoft has now provided clearer answers to these questions on the SP3a download site.
SP3a replaces SP3, which is no longer available from Microsoft. You can download SP3a at http://www.microsoft.com/sql/downloads/2000/sp3.asp. If you haven't already installed SP3, you should upgrade to SP3a, but Microsoft says that no serious security problems require you to deploy SP3a if you're already using SP3.
The SP3a download site is still a bit confusing, implying that some features available in SP3 are brand-new in SP3a. Microsoft says that only three features are new in SP3a: SP3a lets you apply service-pack upgrades to SQL Server 2000 Evaluation Edition, contains a new version of Microsoft Data Access Components (MDAC), and disables listening on port 1434 when networking is disabled. The other features listed under "Benefits" on the download site were already released in SP3. (To read about the problems that the new MDAC version solves, see the Microsoft articles "FIX: SQL Server Does Not Start and an Access Violation Occurs After You Install SQL Server 2000 Service Pack 3," http://support.microsoft.com/?kbid=814572, and "FIX-Performance Degradation and Memory Leak in the SQL Server ODBC Driver," http://support.microsoft.com/?kbid=814410.)
Figuring out which service-pack version you're running—SP3 or SP3a—can be confusing. The downloadable files for SP3a and SP3 have the same names, the build numbers for both packs are the same in most cases, and ServerProperty('ProductLevel') reports "SP3" for both versions. However, you can distinguish between versions by looking at the version number of the Net-Library file ssnetlib.dll. The readme.txt file for SP3a says that this file's version number will be 2000.80.760.0 for SP3 and 2000.80.766.0 for SP3a. I hope Microsoft makes it easier to tell service-pack versions apart in the future.
*STEP-BY-STEP GUIDE*
ALERT: "How a Hacker Launches a SQL Injection Attack Step-by-Step" It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0BBgw0AR
2. SQL SERVER NEWS AND VIEWS
(contributed by Ken Pfeil, [email protected])
Andreas Junstream of @Stake discovered that three new vulnerabilities exist in SQL Server 2000 and 7.0 and Microsoft SQL Server 2000 Desktop Engine (MSDE) and MSDE 1.0, the most serious of which can result in the execution of arbitrary code on the vulnerable computer. These vulnerabilities include named pipe hijacking, named pipe Denial of Service (DoS), and a SQL Server buffer overrun. Microsoft has released Security Bulletin MS03-031, "Cumulative Patch for Microsoft SQL Server (815495)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=39667
Microsoft released Notification Services 2.0 Service Pack 1 (SP1), a standalone release of Notification Services. If you have an existing installation of Notification Services 2.0, you install SP1 side-by-side, then upgrade existing instances. Instructions for upgrading instances are in the Readme.txt file. Detailed instructions are in the "Upgrading Notification Services 2.0 Instances to Notification Services 2.0 SP1" paper, available on the Notification Services Technical Resources Web site at http://www.microsoft.com/sql/ns/techinfo/default.asp . You can read about the changes in SP1 in the Readme.txt file available from the download page at http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=79B34DA2-185F-455C-9365-96FFBC6DA608.
The voting has closed in SQL Server Magazine's Instant Poll for the question, "How much downtime can your system handle at any one time?" Here are the results (+/- 1 percent) from the 234 votes:
- 17% None
- 38% 1-15 minutes
- 27% Less than 3 hours
- 11% Less than 8 hours
- 7% Availability isn't a concern
The next Instant Poll question is "How would you describe your level of expertise with Data Transformation Services (DTS)?" Go to the SQL Server Magazine Web site and vote for 1) Expert, 2) Advanced, 3) Intermediate, or 4) Novice.
http://www.sqlmag.com
SPONSOR: FREE SSMU ONLINE TRAINING ORIENTATION
Join SQL Server Magazine University presenter Scot Reagin for a 30-minute online orientation on Monday, August 4, beginning at 1:00 P.M. Eastern Time. Discover how easy and cost-effective Web training can be! Reserve your seat today.
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0BBgx0AS
3. ANNOUNCEMENT
(brought to you by SQL Server Magazine and its partners)
SQL Server Magazine University invites you to attend the Performance Tuning Mini-Series advanced-level online training course for SQL Server professionals. This live four-part Web seminar series will be presented on September 3, 10, 17, and 26, 2003, from 1:00 P.M. to 2:00 P.M. Eastern time by Kimberly L. Tripp. Register today!
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0BBgy0AT
SQL Server Magazine and CSA Research have made available the Database Performance Portal. IT professionals conduct scalability studies, perform ad hoc systems health analysis, identify infrastructure bottlenecks, conduct off-site diagnostics, and qualify new hardware purchases.
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ07hf0As
4. RESOURCES
You can protect your application systems by using traditional firewalls and intrusion detection systems, but SQL content firewalls provide an additional layer of security for your SQL Server data. Because content firewalls inspect the data payload, you can use them to implement security policies that are based on business rules and semantic concepts--a more powerful approach than simply blocking ports and IP addresses. In "Protecting Your Payload," Ron Ben-Natan explains how an SQL content firewall can help protect your data. Read this August SQL Server Magazine article at
http://www.sqlmag.com/articles/index.cfm?articleid=39440
Sgfubt321 is creating in Enterprise Manager a new database that has a data-file size of 50GB and a transaction-log size of 5GB. Every time sgfubt321 sets the data-file and transaction-log sizes, the system hangs for 10 to 20 minutes--until he has to delete the application. What causes this behavior? See what other DBAs have said, and offer your advice, on SQL Server Magazine's Development forum at the following URL:
http://www.sqlmag.com/forums/messageview.cfm?catid=12&threadid=17838
(contributed by Brian Moran, [email protected])
Q. I'm trying to register a SQL Server instance through the new SQL Server registration option in Enterprise Manager. I receive a message that says, "A server with this name already exists," but the server doesn't exist in the SQL Server group that I'm trying to add the instance to. Why am I getting this message?
A. You'll receive this message if the server has already been registered through Enterprise Manager and added to a different top-level SQL Server group. You need to expand the other SQL Server groups in Enterprise Manager to see whether the server is registered in a different group.
Registering the same physical instance of SQL Server more than once might be convenient sometimes. You might want to connect to the same SQL Server instance by using different Net-Libraries for testing purposes or register the same server more than once under different user credentials so that you can test permissions. To register an instance multiple times, you create an alternative client alias that references the SQL Server instance. For example, you can register a SQL Server called MySQLServer more than once in Enterprise Manager by creating a client alias named MySQLServerNew and registering that name in Enterprise Manager. You create the alias by using the Client Network Utility. For more information about creating a client alias, read the SQL Server Books Online (BOL) topic "Managing Clients."
Send your technical questions to [email protected]
5. HOT RELEASE (ADVERTISEMENT)
Lakeview Technology's OmniReplicator provides real-time changed-data replication of your cross-platform information and automates data sharing across Oracle, DB2, Informix, Sybase and SQL Server. View the NEW OmniReplicator Demo by visiting our Web site.
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ08xl0AH
Proactively monitor and audit your data without the use of triggers and application modification with Lumigent(R) Entegra(TM)--the single most important, non-invasive solution for verifying, investigating, and reporting data activity. FREE white paper at:
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0BBgz0AU
Join US-Analytics and Panorama Software for a web seminar. Learn how the right Business Analytics can enhance your company's ability to make better-informed decisions. Get real-time insight about your company, your customers and your competitors.
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0BBg10AH
SQL Server Magazine Connections runs concurrently with Microsoft ASP.NET Connections, Visual Studio Connections, and Microsoft Office Systems Conference. $300 discount expires July 31. Register today and also receive four conferences for the price of one.
http://lists.sqlmag.com/cgi-bin3/DM/y/eRzm0COG2X0BRZ0ggP0AJ
6. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
Intellimerce announced Snowflake.net 2.0, a managed server-side ASP.NET component that provides you access to XML for Analysis Web Services. Snowflake.net can access multidimensional (OLAP) and relational database queries. You can generate analytical Web applications in your Visual Studio .NET development environment. Snowflake.net supports synchronized chart and grid views so you can see graphical results during analysis. Other Snowflake.net features include dice, slice, pivot, and zoom capabilities; depth coloring; a menu for browsing, adding and replacing dimensions, and slice selection; charting with 14 different chart types; print view; and fine-grained display control. Pricing for Snowflake.net starts at $999. Enterprise licensing starts at $4999. Contact Intellimerce at 905-361-2854.
http://www.intellimerce.com
Edgewood Solutions announced "The Start to Finish Guide to IT Project Management," an ebook by Jeremy Kadlec, a principal database engineer who focuses on SQL Server 2000, 7.0, and 6.5. The ebook illustrates a SQL Server 6.5-to-2000 upgrade project. The ebook is beneficial to professionals who are responsible for infrastructure and application development projects that require definition, organization, documentation, communication, and management of processes. For more information about the ebook, contact Edgewood Solutions at 888-788-2444 or [email protected].
http://www.edgewoodsolutions.com
7. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.sqlmag.com/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR SQL SERVER MAGAZINE UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
More than 102,000 people read SQL Server Magazine UPDATE every week. Shouldn't they read your marketing message, too? To advertise in SQL Server Magazine UPDATE, contact Beatrice Stonebanks at [email protected] or 800-719-8718.
SQL Server Magazine UPDATE is brought to you by SQL Server
Magazine, the only magazine completely devoted to helping developers
and DBAs master new and emerging SQL Server technologies and issues.
Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
