Tim Mitchell - All Comments

re: Give us SP3!

Tim Mitchell — Thu, 17 Apr 2008 00:06:43 GMT

It appears that our voice is heard...

blogs.technet.com/.../sql-server-2005-sp3-coming-soon.aspx

re: For those just starting out with SSIS

Ripal — Thu, 14 Feb 2008 15:37:46 GMT

Hi , can you suggest any online resource from where i can download the code for My SSIS Programminb.

I want to transfer my ABC.mdb dataabse into sql server !!

thanks

re: On the Importance of Documentation...

DonW — Mon, 14 Jan 2008 15:26:33 GMT

I also agree. It might not even be a case of saving your job, you might simply save your credibility. When someone asks you something about that section of code and you scratch your head and have to admit you are not sure what you were doing and why, some people tend to wonder if you have any idea what you are doing, period. It won't matter if you are able to tell them an hour later what was behind the code (if you do figure it out) you have still put a dent in your creditility that will take a long time to remove. I speak from first-hand experience.

re: On the Importance of Documentation...

Esbay — Mon, 14 Jan 2008 03:56:30 GMT

I totally agree, and would add, "Document even if you aren't comfortable writing!" Being a life-long documenter (well-trained in college), I tend to support all things documentation-related. But conversations with co-workers have enlightened me as to why some people don't document - and it's not always that they don't see the value. Sometimes, it's that they are self-concious. They aren't comfortable writing, or don't think they do it well, and are concerned that whomever reads their document will be judging them. (I blame this on over-zealous English teacher in High School, because if I had listened to the ones I had, I'd never write a word.)

Believe me, whoever reads your documentation will be very busy thanking you (think of all the good karma you're gathering), and secondarily busy fixing the problem based on your document. The last thing on their mind is whether your vocabulary or spelling meet some 11th grade teacher's criteria.

And the more you write, the better you become (as with all things, practice brings you closer to perfection). Document in the code with comments, create a short blurb on the what and why of the project (or mini-project, for many of us). Like Tim, I've had many times when I had to refer to my own documents six months later, and was thankful I had taken a few minutes to write the notes that saved my bacon.

re: Passed 70-431

Serge — Wed, 28 Nov 2007 21:14:55 GMT

Good SQL testing (SQL Server is used) can be find at
http://www.sql-ex.ru

re: Passed 70-431

Eswar — Tue, 27 Nov 2007 16:03:02 GMT

Hi Tim,
Congratulations on your exam. But can you please give me some help on this exams.
1> How are the exam questions?
2> Are all the questions are multiple questions?
3> Which company simulation questions did you got?

Thank you,
Eswar

re: Microsoft SQL Server certification

SAL — Wed, 28 Feb 2007 19:41:14 GMT

As someone(Beginner) who is looking to study SQL Server, what would you suggest as a starting point?

Thanks

re: Microsoft SQL Server certification

qiang — Wed, 28 Feb 2007 05:44:38 GMT

hi there, just want to tell you that the dark backgroud color with text in white on your site really hurts readers' eyes... well, at leat mine. After read through this page, some constant flashing stripes stayed in my vision at least 30 seconds...

re: Microsoft SQL Server certification

Markus Bohse — Mon, 26 Feb 2007 11:01:21 GMT

Not so sure what to think about the expiring certification thing. I don't really think it's necessary, because a certification is linked to a certain product version(SQL 2000, 2005) and on average there's a new version every 3-4 years anyway.
About the new exams, I'm surprised to hear that people seem to find them so difficult. Ok, it's a new style of exams having case studies and as always you can argue quite a lot of the answers, but even without any specific exam preparation I passed the MCTS and the MCITP for DBA and Developers. Especially the 70-444 exam I found very easy. Anyhow as long as there are things around like TestKing or Transcender, it will always be difficult to judge the real value of certifications.
Markus

re: Microsoft SQL Server certification

brian — Wed, 21 Feb 2007 13:44:03 GMT

Does the "expiring cert" style also effect network certs or does this just effect DB cers?

re: Be on the lookout for the mistakes of others

Regan — Fri, 16 Feb 2007 09:28:49 GMT

This is so true - I frequently have to trot out my oh no line... "I've seen this movie, and they all die in the end!!"

Until we (the IT industry) start forcing ourselves to consider security from the beginning of the design lifecycle, this problem will hang around. We all know that when we hit the last 1/3rd of a project, someone saying that "this is a problem, but not a bug" just doesn't get any traction. And I'm not talking about having to design for security (naturally that as well), I'm talking about:
1. Least-Rights-Required principle:
-making sure your developers DO NOT DEVELOP with elevated permissions.
-They DO NOT develop with SA.
-They DO NOT develop with DB_OWNER.
-They DO determine, at design phase, what users will be used, and what rights they require.
-They DO use those users in development, so that it gets developed correctly from dev, and we don't run into "insufficient permission" in the TEST environment, where the developer throws up his hands, says - "it works fine in dev - it must be connfiguration/environmental issues".

2. work in similarly configured environments:
-You (DBA) shall ensure that servers in DEV are configured the same as TEST, QA (hopefully you have this environment) and LIVE. That means at least:
-- authentication modes,
-- code pages,
-- users and permissions and roles

- ideally this means SQL versions, and installtions (clusters etc.) but we all know that many organizations can't afford 4 clustered, Ent Edition systems for a system. But at the very least, make sure that you have the same kind of layout - databases are on the same server's etc. I had the "joy" of working in an environemnt where the single DEV DB 'server' had all the organizations databases while TEST had a few servers with databases on the different DB servers. Eventually I managed to get instances installed on the Dev DB server, moved all the DB's onto instances that represented servers in the other environments, and after a while of complaining and struggling, people began to (a) understand the live environments better, (b) design solutions that worked outside dev :-)

re: SQL Injection... is this still a problem?

Richard — Mon, 16 Oct 2006 10:45:54 GMT

Stored procedures will not prevent SQL Injection problems unless they are used properly.

For example, this psuedo-code would be open to SQL Injection:

query = "exec GetData @UserName='" + name + "'"
connection.Execute(query)

Whereas this wouldn't:

query = new Command()
query.Text = "exec GetData @UserName = @UserName"
query.AddParameter("@UserName", name)
query.Execute()

MudLuck

Mudluck — Mon, 19 Jun 2006 17:46:01 GMT

There is and for the unforeseeable future always going to be a between a gap between developers, Project managers, Software testers and the DBA. The reason for this is priorities and perspective. The DBA sees the environment as a holistic machine with many parts that need to work in harmony to create Speed of response and Security among other things. The developer sees the database as a place to dump things to and retrieve things from. All a developer cares about in the end is getting his project to do those two things and any security permissions bug is 9 times out of 10 going to end up as the solution being granting the user dbo, or date_reader/ date_writer because these are easy answers. This is compounded by the fact that often in DEV and CERT the developer and software QA are given DBO rights to do there work and many developers are just to lazy to keep track of what table needs which rights. So the implied permissions of DBO and the like are just an easy answer. Luckily for me HIPPA has come about and the last two audits we have gone through have uncovered allot of this blanket access and has forced developers to refractor there apps, though as I have also discovered a DBA must be patient as nothing happens overnight.
The answer for any company is to but someone(s) in charge as a fulltime DBA. Allow that person the opportunity to raise the flag and reject releases that do not comply. It’s amazing how fast standards get enforced when a few key rollouts get held up. If the DBA can feel that his voice is being heard and he/she can train the developer in a better practices for security then you will see quality improve over time. Quality takes effort as great databases aren’t just created overnight.

If its 3rd party you have even less of a chance of changing the code. My recommendation would be one of the following.

1. Look at other vendors and hopefully there is someone else that has better code.
2. Submit each and every bug you find to the vendor and threaten to bail out of your service contract if nothing is done in a timely manner.
3. Write it yourself if you have the time, resources, and the money.

re: Be on the lookout for the mistakes of others

Mon, 19 Jun 2006 14:24:05 GMT

Try MS Sharepoint. If it is not the db_owner (not just a member!), it won't run. We traced it, and the app makes a call to the server, and if the answer is not dbo, it won't play.

re: Be on the lookout for the mistakes of others

Joan — Mon, 19 Jun 2006 11:25:03 GMT

The challenge is once you discover the flaw how do you get them to change. As a DBA I have been faced with this exact configuration and have been trying to convince development that this is wrong, but they will not listen. They spend more time trying to show flaws in other suggestions rather than work together to implement a viable solution.