SQL Server Magazine UPDATE, June 26, 2003

Brian Moran talks about the possibility of the Slammer worm coming back to cause more problems, learn full-text search basics, get the results of our latest instant poll, and more!

11 Min Read
ITPro Today logo in a gray background | ITPro Today

SQL Server Magazine UPDATE—brought to you by SQL Server Magazine and SQL Server Magazine Connections

THIS ISSUE SPONSORED BY

Precise/Indepth for SQL Server
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BAom0AS

Join Our Upcoming One-Hour Live Web Seminars
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BA6t0Ac
(Below COMMENTARY)

TDWI World Conference: Boston, August 17-22
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BAol0AR
(below NEWS AND VIEWS)

SPONSOR: Precise/Indepth for SQL Server

Need help optimizing the performance of your SQL Server database? Precise/Indepth for SQL Server gives businesses the Application Performance Management they need by proactively monitoring, analyzing, and tuning SQL Server databases. It not only identifies business performance problems, it helps solve them. To ensure that your business applications perform at peak efficiency, Precise/Indepth for SQL Server provides a complete view of application performance by capturing, measuring, and correlating performance metrics from all critical system components. Download a copy and start optimizing your database today!
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BAom0AS

June 26, 2003—In this issue:

1. COMMENTARY

  • Slammer Raising Its Ugly Head Again?

2. SQL SERVER NEWS AND VIEWS

  • Microsoft Releases Analysis Services Fixes

  • Results of Previous Instant Poll: DB2 Universal Database Express Edition

  • New Instant Poll: Slammed Again?

3. ANNOUNCEMENTS

  • Guide to Securing Your Web Site for Business

  • Attention Visitors to http://www.sqlmag.com

4. HOT RELEASES (ADVERTISEMENTS)

  • SQL Server Magazine Connections: Fall Dates

  • SQL Server Worldwide User's Group Help Center

5. RESOURCES

  • What's New in SQL Server Magazine: Control Replication with ActiveX

  • Tip: Full-Text Search Basics

6. NEW AND IMPROVED

  • Convert from Microsoft Access to SQL Server

  • Tune Database Code

7. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY

  • SLAMMER RAISING ITS UGLY HEAD AGAIN?


(contributed by Brian Moran, news editor)

You might think the Slammer worm is old news. But the worm—or an ugly cousin—might be making its rounds again soon, thanks to Wired Magazine's publication of the original Slammer worm's full source code in its July issue.

The practice of publishing malicious programs' source code is hotly debated in the security community. Many people argue that full disclosure and publication of programs such as Slammer is valuable because it lets those in charge of security know what they're up against so they can better protect their systems. I tend to take the more conservative view that publishing this source code serves only to give troublemakers a chance to improve on the fastest-spreading Internet worm of all time. Some of these potential virus-writers might not have the skill to create a Slammer-like attacker from scratch, but they can certainly release a variant of the worm into the wild.

In response to the threat of someone creating a new and improved Slammer, Microsoft is renewing its efforts to protect all SQL Server customers from the worm. You can find Microsoft's response to the publication of Slammer's source code, as well as technical resources and automated tools that make it easy to find and patch Slammer-vulnerable systems on your network.

Don't assume that you're safe just because the worm didn't hit you last time or because you've patched your systems already. One reason Slammer spread so quickly the first time around was because so many instances of Microsoft SQL Server Desktop Engine (MSDE) were vulnerable to infection. End users or application-development teams can easily install MSDE instances on machines across your corporate network, perhaps as part of other product installations, without you knowing about them. So you can't assume you've covered all your bases just because you've patched all your "real" servers.

Microsoft has updated its Slammer resource site to make it easier than ever to find and root out these unprotected MSDE instances as well as vulnerable full SQL Server instances. If a born-again Slammer or kindred worm hits your company because you didn't take a few moments to run Microsoft's automated tools, you'll have no one to blame but yourself.

Join Our Upcoming One-Hour Live Web Seminars

Participate in our one-hour presenter-led online classes with a 15-minute Q&A session at the end. All Web Seminars are chock-full of the latest technical information to help keep your systems running smoothly while you hone your SQL Server skills for the tight job market. Get complete details at:
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BA6t0Ac

2. SQL SERVER NEWS AND VIEWS

  • MICROSOFT RELEASES ANALYSIS SERVICES FIXES


Microsoft has issued a set of fixes for various problems in SQL Server 2000 Analysis Services and SQL Server 2000 64-bit Analysis Services. The company notes that the fixes are intended to correct only the problems described in the following Microsoft articles and should be applied only to systems experiencing these specific problems. Microsoft says the fixes might undergo additional testing to further ensure product quality. So if none of these problems are severely affecting your systems, the company recommends that you wait for the next service pack that contains the fixes.

  • FIX: Remote Partitions Are Marked as "Unprocessed" After You Perform an Incremental Update of a Virtual Dimension
       If you try to perform an incremental update of a virtual dimension used in a remote partition for a cube, the remote partition is marked as "unprocessed" and the data files are removed from the remote server that's running Analysis Services.
        http://support.microsoft.com/default.aspx?scid=kb;en-us;822651

  • FIX: Incremental Update Process May Fail On Cubes or Partitions That Use the HOLAP Storage Mode
       If you perform an incremental update of a cube or partition that uses the HOLAP storage mode, the process might fail during the merge-partitions processing step. An error message is logged in the Application event log and in the Analysis Services processing log.
       http://support.microsoft.com/default.aspx?scid=kb;en-us;819020

  • FIX: Cannot Create an Offline Cube That Contains a Parent-Child Dimension
    If you try to create an offline cube and both the following conditions are true, the creation of the cube fails:

  • RESULTS OF PREVIOUS INSTANT POLL: DB2 UNIVERSAL DATABASE EXPRESS EDITION


The voting has closed in SQL Server Magazine's Instant Poll for the question, "Are you interested in IBM's new DB2 Universal Database Express Edition?" Here are the results (+/- 1 percent) from the 273 votes:

  • 8% Yes, we already use DB2

  • 12% Yes, if it suits our business needs

  • 10% Yes, it the price is right

  • 70% No, we're not interested

  • NEW INSTANT POLL: SLAMMED AGAIN?


The next Instant Poll question is "If attackers release a new Slammer-like worm, are your SQL Server and MSDE instances safe?" Go to the SQL Server Magazine Web site and vote for 1) Yes, 2) No, or 3) I'm not sure.
   http://www.sqlmag.com

SPONSOR: TDWI World Conference: Boston, August 17-22

Join keynote speakers Ralph Kimball and Barry Devlin, and other BI & DW visionaries in historic Boston for this premier educational event. Over 50 Full-Day, Half-Day, and Evening Classes. Peer Networking. Hands-On Labs. Hassle-Free Exhibits & More.
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BAol0AR

3. ANNOUNCEMENTS


(brought to you by SQL Server Magazine and its partners)

  • GUIDE TO SECURING YOUR WEB SITE FOR BUSINESS


Download VeriSign's new whitepaper, "Guide to Securing Your Web Site For Business," and discover the practical business benefits of securing your Web site. You'll also learn more about the innovative processes and technologies VeriSign uses to address Internet security issues. Download your free copy now!
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BAMg0Am

  • ATTENTION VISITORS TO HTTP://WWW.SQLMAG.COM


If you've been putting off subscribing to SQL Server Magazine, now's the time to act. Starting July 1, the past 24 issues of SQL Server Magazine online will be locked down and available only to subscribers. For a limited time, subscribe at the best rates ever offered online!
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BA1w0Aa

4. HOT RELEASES (ADVERTISEMENTS)

  • SQL SERVER MAGAZINE CONNECTIONS: FALL DATES


Secure your seat for SQL Server Magazine Connections, which runs October 13-15, concurrently with Microsoft ASP.NET Connections, Visual Studio Connections, and Microsoft Office System Conference. Register now to receive the best registration discount.
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0ggP0AN

  • SQL SERVER WORLDWIDE USER'S GROUP HELP CENTER


SSWUG.org (www.sswug.org) provides resources, help, articles, scripts, news, links and much more on a daily basis on the use and support of SQL Server, Oracle and XML. Sign up for the daily newsletter.
   http://lists.sqlmag.com/cgi-bin3/DM/y/eRYx0FgQMn0BRZ0BAaZ0At

5. RESOURCES

  • WHAT'S NEW IN SQL SERVER MAGAZINE: CONTROL REPLICATION WITH ACTIVEX


In these days of distributed computing, getting the right data to and collecting it from the remote parts of your enterprise is crucial to the success of your business. And keeping all this data synchronized is no easy task, particularly across low-bandwidth or inconsistent network connections. The situation is even worse for mobile users, such as your salespeople, who often work in disconnected mode, then upload their changes to the database all at once. SQL Server, however, offers a flexible replication solution that lets you distribute data to users across your enterprise. Although you can manage replication and control the replication agents from Enterprise Manager, ActiveX controls let you programmatically administer, customize, and control an entire replication topology. Jeannine Hall Gailey's July article, "Control Replication with ActiveX," shows you how to implement this powerful programmatic tool. Read the entire article at
   http://www.sqlmag.com/articles/index.cfm?articleid=39079

  • TIP: FULL-TEXT SEARCH BASICS


(contributed by Microsoft's SQL Server Development Team)

Q. I've created a full-text index on a table, and I have questions about SQL Server 2000's full-text search component. First, can full-text search look for a suffix (e.g., match the phrase *mation to determine whether a field contains words such as "information")? Second, can you use full-text search to search for words in close proximity to each other? If you can, how many words can separate the search words before the search fails? Third, how can you modify the noise-word list?

A. The answer to your first question is that you can't directly do a suffix search. However, you can work around the limitation in a couple of ways. You can use the LIKE predicate in a clause such as "WHERE mytext LIKE N'%suffix '". However, using LIKE requires a scan of all the rows in the table you're searching, which could impede performance. Alternatively, you can duplicate and index the data in reverse (e.g., "imagination" becomes "noitanigami"), then search for the string noitani*.

The answer to your second question is yes, you can use a proximity search, which searches for words near one another. The correct syntax is

   USE pubs   GO   SELECT title, notes   FROM titles   WHERE CONTAINS (notes, 'user NEAR computers')   GO

You can also use the tilde (~) character and mix and match with postfix operators. (For details about this technique, see "Searching for Words or Phrases Close to Another Word or Phrase (Proximity Term)" in SQL Server Books Online—BOL.) The ranking values that the search returns determine what qualifies as "near." If you use the CONTAINSTABLE clause, you can get the ranking values and do further experimenting.

The answer to your third question is that the word-breaker characters are inherent in the languages used and you can modify the noise-word list. Noise words are words that are automatically excluded from a full-text query search. For example, a typical search excludes the words "a," "and," and "the". The "Full-Text Index and Querying Concepts" topic in BOL explains how to modify the noise-word files. Use caution when changing the noise-word lists, however, because if you allow more words in your searches, you can dramatically increase the size of your indexes.

Send your technical questions to [email protected].

6. NEW AND IMPROVED


(contributed by Carolyn Mader)

  • CONVERT FROM MICROSOFT ACCESS TO SQL SERVER


ConverterTechnology announced file migration services for conversions from Microsoft Access to SQL Server. The service can help you export all forms, reports, modules, and macros from an .mdb file to Access Data Projects (ADP). The service can also replace Data Access Objects (DAOs) with ADO when you migrate to SQL Server from Access. The service will automatically convert DAO databases, recordsets, fields, and query definitions to their ADO equivalent. The service will also convert Jet references to ANSI in SQL statements so that Boolean references are converted to their SQL equivalent when using ADO recordsets or catalogs. In addition, you can use the service to convert Access Object libraries to SQL equivalents. For pricing, contact ConverterTechnology at 603-880-9118 or 800-541-7409.
   http://www.convertertechnology.com

  • TUNE DATABASE CODE


Embarcadero Technologies announced Rapid SQL 7.2, an integrated development environment that lets developers create, edit, version, tune, and deploy server-side objects that reside on SQL Server, Oracle, IBM DB2, and Sybase databases. The product's HTML and Java programming facilities create an environment for database and Web programming. Graphical features help simplify SQL scripting, object management, reverse-engineering, database project management, version control, and schema deployment. Programmers can use Rapid SQL to produce database code faster. For pricing, contact Embarcadero Technologies at 415-834-3131 or [email protected]
   http://www.embarcadero.com

7. CONTACT US


Here's how to reach us with your comments and questions:

  • WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
    More than 102,000 people read SQL Server Magazine UPDATE every week. Shouldn't they read your marketing message, too? To advertise in SQL Server Magazine UPDATE, contact Beatrice Stonebanks at [email protected] or 800-719-8718.

SQL Server Magazine UPDATE is brought to you by SQL ServerMagazine, the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.com/email

Read more about:

ITPro Today
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like