SQL Server Security Bulletin MS15-058 Released

A SQL Server security bulletin (MS15-058) was released yesterday (14-Jul-2015).
This update resolves vulnerabilities in Microsoft SQL Server that could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address. This leads to a function call to uninitialized memory.
It applies to:
  • SQL Server 2008
  • SQL Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014

If you feel confused about what version is affected, please read the blog post by Aaron Bertrand (an useful matrix here).

The KB is the #3065718, more details here.

 

Stay Tuned! :)

SQL Server Infernals – Circle 4: Anarchic Designers

Originally posted on spaghettidba:

Infernals

Constraints are sometimes annoying in real life, but no society can exist without rules and regulations. The same concept is found in Database Design: no good data can exist without constraints.

What they say in Heaven

Constraints define what is acceptable in the database and what does not comply with business rules. In Heaven, where the perfect database runs smoothly, no constraint is overlooked and all the data obeys to the rules of angels:

  • Every column accepts only the data it was meant for, using the appropriate data type
  • Every column that requires a value has a NOT NULL constraint
  • Every column that references a key in a different table has a FOREIGN KEY constraint
  • Every column that must comply with a business rule has a CHECK constraint
  • Every column that must be populated with a predefined value has a DEFAULT constraint
  • Every table has a PRIMARY KEY constraint
  • Every…

View original 498 more words

SQL Server Infernals – Circle 3: Shaky Typers

Originally posted on spaghettidba:

Infernals

Choosing the right data type for your columns is first of all a design decision that has tremendous impact on the correctness of the database schema. It is not just about performance or space usage: the data type is the first constraint on your data and it decides what can be persisted in your columns and what is not acceptable.

Choosing the wrong data type for your columns is a mistake that might make your life as a DBA look like hell.

What they say in Heaven

Guided by angelic spells, the hands that design databases in Heaven always choose the right data type. Database architects always look at the logical schema and ask the right questions about each attribute and they always manage to understand what the attribute is used for and what it will be used for in the future.

What will put you to hell

Choosing the…

View original 994 more words

SQL Server latest Updates (Jun. 2015)

SQL Server latest Updates (Jun. 2015)

Directly from the Microsoft Release Service blog, here is the list of latest updates for SQL Server 2014 RTM and SP1:

Cumulative Updates #8 for SQL Server 2014 RTM

Cumulative Updates #1 for SQL Server 2014 SP1

Additionally, you can download the new SQL Server Management Studio.  As in the Microsoft Release Service blog, the SQL Server Engineering Team says: “we are delighted to announce our first “preview” release of SQL Server Management Studio!  This is our first effort to release SQL Server Management Studio (SSMS) in a mechanism outside of the SQL Engine releases.  Our goal is to update this frequently with new features, fixes and support for the newest SQL Server features in SQL Server Engine and Azure SQL Database

Stay Tuned! :)

SQL Server Infernals – Circle 2: Generalizers

Originally posted on spaghettidba:

Infernals

Object-Oriented programming taught us that generalizing is a good thing and, whenever possible, we should do it. Complex class hierarchies are a good way of reusing code, hitting the specialized classes only when a special implementation is needed.

In the database world, the concept doesn’t play exactly well.

What they say in Heaven

In Heaven, there is a lookup table for each attribute, no matter how simple and no matter how small is the lookup table.

For instance, if your database is about sales, you probably have a Customers table and an Orders table, each with its own attributes resolved through a Foreign Key. The lookup tables are usually very small, with just a handful of rows in them:

lookup_good

Temptation comes from our own desires

Wouldn’t that be great if you could stop adding small, insignificant tables to your database schema? Wouldn’t it be a lot easier if you had…

View original 867 more words

SQL Server Infernals – Circle 1: Undernormalizers

suxstellino (Alessandro Alpi):

Considerations on normalization, one of the most popular topics speaking about RDBMS.

Originally posted on spaghettidba:

Infernals

There’s a special place in the SQL Server Hell for those who design their schema without following the Best Practices. In this first episode of SQL Server Infernals, we will explore together the Row of the Poor Schema Designers, also known as “undernormalizers”.

What they say in Heaven

In Heaven, where all Best Practices are followed and everything runs smoothly while angels sing, they design their databases following the rules of normalization. Once upon a time, there was a man who spent a considerable amount of his life working on defining the rules of the relational model. That man was Edgar Codd.

Mr. Codd laid down the rules of normalization, which are known as “normal forms”. The normal forms define the attributes of a well-designed database schema. While there are more normal forms, it is widely accepted that a schema is normalized when it follows the first three normal…

View original 873 more words

Announcing SQL Server Infernals

suxstellino (Alessandro Alpi):

Thanks to Gianluca Sartori (@spaghettidba)

Originally posted on spaghettidba:

Infernals

Today I’m starting a new blog series called “SQL Server Infernals”.

Throughout this series, I will take your hand and walk you through the hell of SQL Server Worst Practices, as Virgil did with Dante in his Commedia.

You may ask why you should care about worst practices, when you have loads of great sources for Best Practices. The answer is that they are not enough.

  • There are too many Best Practices: how are you supposed to know all of them?
  • There is no time to follow them all: when you’re in a hurry, sometimes it’s enough to know that you’re not doing it completely wrong.
  • They seem to be all equally important: experience helps you understand which Best Practices really are important and which ones are not.
  • It’s not always clear what happens when you don’t follow them.

On the other hand, Worst Practices can help you understand…

View original 121 more words