SQL Server Magazine UPDATE, September 4, 2003

SQL Server Magazine UPDATE—brought to you by SQL Server Magazine and SQL Server Magazine Connections

THIS ISSUE SPONSORED BY

See How eWeek Labs Rates EMC ControlCenter 5.1.1

SQL Server Magazine Connections: Win a Harley
(below COMMENTARY)

Omnireplicator Accelerates Data Integration
(below NEWS AND VIEWS)

SPONSOR: SEE HOW EWEEK LABS RATES EMC CONTROLCENTER 5.1.1

Explore key performance features and capabilities of EMC ControlCenter 5.1.1—a family of storage management software—in this review from eWeek Labs. The article provides analysis of Automated Resource Manager, which automatically provisions storage based on user-set policies, and StorageScope, which assists in tracking usage trends to support future storage hardware acquisitions. Find out how these and other ControlCenter products make managing an ever-expanding storage infrastructure easier and more efficient. Click here for eWeek Labs' review.
   http://lists.sqlmag.com/cgi-bin3/DM/y/eceP0COfyP0BRZ0BBI80At

September 4, 2003—In this issue:

1. COMMENTARY

2. SQL SERVER NEWS AND VIEWS

3. ANNOUNCEMENTS

4. RESOURCES

5. HOT RELEASE (ADVERTISEMENT)

6. NEW AND IMPROVED

7. CONTACT US

See this section for a list of ways to contact us.

1. COMMENTARY

(contributed by Brian Moran, news editor, [email protected])

A few weeks ago I said, "If you haven't already installed Service Pack 3 (SP3), you should upgrade to SP3a, but Microsoft says that no serious security problems require you to deploy SP3a if you're already using SP3." That's still true, but I've since read the full list of bugs fixed by SQL Server 2000 SP3a, available at http://support.microsoft.com/?kbid=306908 , and I discovered a problem related to memory leaks in the SQL Server ODBC driver that I think will interest you.

The Microsoft article "FIX—Performance Degradation and Memory Leak in the SQL Server ODBC Driver" documents the problem. Apparently, in SP3, Microsoft made changes to the way SQL Server allocates metadata for ODBC statements, causing memory leaks in some cases. The article says, "This is especially noticeable when you execute queries that return a large number of columns in the result set, or when you repeatedly execute prepared queries that have large numbers of columns." Be honest, how many DBAs are familiar enough with their application workloads to know for sure if applications running on their servers fit this behavior profile? Not many. I don't want to open up the question of whether to apply a service pack as soon as it comes out—we've sufficiently covered that question, and people both sides of the argument present good reasons. However, I think I downplayed the need for SP3 users to at least consider upgrading to SP3a, so I wanted to bring this memory-leak problem to your attention.

On a different topic, have you ever thought about working for the SQL Server development team? If so, here's an announcement that Microsoft asked us to share with you that may pique your interest. The company is looking for experienced software development engineers, software test engineers, and program managers to work in its new Business Intelligence Applications Group. Qualified applicants should have at least 5 years of experience in the BI software industry, and a degree in CS or CE is preferred. You can read about current BI Applications Group opportunities at http://www.microsoft.com/careers/search/. From the list of products, select Business Intelligence Applications, then click Search Jobs. You can also find the job list by typing "Business Intelligence Applications" (must be in quotes) in the keyword field. Interested applicants can submit resumes, inquiries, and referrals to Gretchen Ledgard at [email protected].

SQL SERVER MAGAZINE CONNECTIONS: WIN A HARLEY

This October, SQL Server Magazine Connections is running concurrently with Microsoft ASP.NET Connections, Visual Studio Connections, and Microsoft Office System Connections. Stay on top of today's technology and maintain your competitive edge on the job. Learn from the Microsoft architects who built these technologies and world-renowned third party gurus who will share real world tips and techniques that you can use on the job immediately. Register today and get access to all four conferences for the price of one plus a chance to win a brand new Harley Davidson motorcycle. Register online or call 800-899-5325 or 203-268-3204.
   http://lists.sqlmag.com/cgi-bin3/DM/y/eceP0COfyP0BRZ0ggP0AK

2. SQL SERVER NEWS AND VIEWS

Maintaining service pack levels and hotfixes on your systems is important, but it's not always simple. Many factors affect how and when you patch your systems. If you've tested your architecture and know that a given service pack or hotfix won't adversely affect operations, you still face the problem of how to roll out the service pack to all your systems, especially if some of your systems are mobile and connect only periodically. In this Security Administrator article, Mark Joseph Edwards provides a link to a startup boot script that can help automate service pack installation. You can adapt the script for your system, or you can use it as a model for developing your own script. Read the article and access the script at
   http://www.secadministrator.com/articles/index.cfm?articleid=40094

In the wake of the most recent wave of Internet viruses, Microsoft sent a reminder to SQL Server 7.0 users about an available security patch. In the article "MS03-031: Security Patch for SQL Server 7.0 Service Pack 4," Microsoft explains that this security patch provides fixes for three types of vulnerability: named pipe hijacking, named pipe Denial of Service (DoS), and SQL Server buffer overrun. The package doesn't contain the security fixes that are in Microsoft Data Access Components (MDAC) and Analysis Services. You can read about the patch and download it at
   http://support.microsoft.com/default.aspx?scid=kb;en-us;821279

The voting has closed in SQL Server Magazine's Instant Poll for the question, "How many Access databases are you planning to migrate to SQL Server?" Here are the results (+/- 1 percent) from the 268 votes (deviations from 100 percent are due to a rounding error):

The next Instant Poll question is "What is your primary application programming language? " Go to the SQL Server Magazine Web site and vote for 1) Visual Basic/Visual Basic .NET, 2) C++, 3) C#, 4) Java, or 5) Other.
   http://www.sqlmag.com

SPONSOR: OMNIREPLICATOR ACCELERATES DATA INTEGRATION

Lakeview Technology's OmniReplicator provides real-time changed-data replication of your cross-platform information and automates data sharing across Oracle, DB2, Informix, Sybase and SQL Server. View the NEW OmniReplicator Demo by visiting our Web site.
   http://lists.sqlmag.com/cgi-bin3/DM/y/eceP0COfyP0BRZ08xl0AI

3. ANNOUNCEMENTS

(brought to you by SQL Server Magazine and its partners)

Learn more about the wireless and mobility solutions that are available today, plus discover how going wireless can offer low risk, proven performance, and compatibility with existing and emerging industry standards. Register now for this free, 10-city event!
   http://lists.sqlmag.com/cgi-bin3/DM/y/eceP0COfyP0BRZ0BA8Y0AA

* SPECIAL OFFER FROM SQL SERVER MAGAZINE

SQL Server Magazine presents the SQL Server Technical Education Package, including a 1-year print subscription to SQL Server Magazine, full SQL Server Magazine Web site access, and a 1-year subscription to the SQL Server Magazine Master CD (2 CDs), for only $39.95! Click here for this incredible limited-time offer!

http://lists.sqlmag.com/cgi-bin3/DM/y/eceP0COfyP0BRZ0BCKs0Av

4. RESOURCES

SQL Server still labors under the perception of unreliability, linked to Windows' reputation and news about security exposures, even though competing databases face many of the same challenges. What those competitors don't share is SQL Server's core problem: poor customer implementation. Companies put a lot of effort and expense into installing and managing Oracle and IBM DB2 systems, but they still use SQL Server under less-than optimal conditions. In his editorial "Reliability Doesn't Just Happen," Michael Otey explains why SQL Server reliability depends on good planning and best practices. Read this September SQL Server Magazine article at
   http://www.sqlmag.com/articles/index.cfm?articleid=39661

Thomo wants to restore a master database from an ARCserve database agent to SQL Server 2000. Thomo ran the server in single-user mode, but the restore didn't succeed. Instead, the log file displayed the message "Access Denied." Thomo then made sure that the SQL Server is running on the same account as the local machine, but the restore still isn't working. Is this restore possible? See what other DBAs have said, and offer your opinion, on SQL Server Magazine's Administration forum.
   http://www.sqlmag.com/forums/messageview.cfm?catid=3&threadid=18764

(contributed by Brian Moran, [email protected])

Q. I'm trying to make my SQL Server installation as secure as possible. Some of my users need access to Enterprise Manager, but I don't want them to view Data Transformation Services (DTS) packages on the server. Enterprise Manager lets me restrict who can run or edit a package, but all users can still see the package names. Can I hide DTS packages from a certain set of users?

A. Enterprise Manager uses an undocumented stored procedure in msdb called sp_enum_dtspackages to retrieve package information for display in the GUI. If you remove (or deny) a particular user's EXECUTE permission for this procedure, Enterprise Manager won't show package names in the user's GUI. The user won't see an error message—the server will simply look like it doesn't have any defined packages. By default, SQL Server users don't have permission to query msdb's base tables, which store package information, so your users can't retrieve package names that way, either.

In general, you shouldn't modify undocumented system objects, even at a permission level, because Microsoft doesn't guarantee that it won't change the way something works in a service pack or hotfix. But as far as I know, changing the EXECUTE permissions for sp_enum_dtspackages won't cause any harm and will solve your problem.

Send technical questions to [email protected].

5. HOT RELEASE (ADVERTISEMENT)

Learn about the dangers that lurk around SQL Server's perimeter and how server and network resources can be secured to prevent attacks on your data. Register today for this online four-part event and SAVE $150!
   http://lists.sqlmag.com/cgi-bin3/DM/y/eceP0COfyP0BRZ0BCNR0AR

6. NEW AND IMPROVED

(contributed by Carolyn Mader, [email protected])

BindView announced bv-Control for Microsoft SQL Server 7.0, SQL Server management software that provides database security access and control capabilities. The software features new automation and reporting functionality. The software also increases database layer security where the most valuable company information resides. You can quickly restore the network and make incremental changes by using the software to document the database structure. Transaction Log Summaries let you view transaction logs and data in plain English text. Enterprise-wide security documentation capabilities verify configuration consistency. New Object Reference/Dependency lets you avoid system vulnerabilities and network downtime by outlining database dependencies to give you an idea of the entire security picture and highlights the impact that database changes will have on users, system files, and crucial applications. Contact BindView at 713-561-4000 or 800-813-5689.
   http://www.bindview.com

ECS announced Analysis Center Library (ACL) 2.1, a suite of business intelligence (BI) analytic modules for sales, marketing, and retail performance monitoring. ACL features analytical capabilities that let end users at all levels answer questions such as which products and services are most profitable, what channels provide the most revenue, and what are customers' buying habits. The suite comprises modules with specific functions such as market segmentation, share and growth, pareto analysis, trending and forecasting, price sensitivity, and daily pattern analysis. ACL lets users create set color-coded exception triggers, define formulas for filtering report data, drill down to detailed data, save dynamic reports to a report library, and export data to Microsoft Excel. ACL uses Microsoft SQL Server Analysis Services for the underlying OLAP cube technology. For pricing, contact ECS at [email protected].
   http://www.ecs-int.com

7. CONTACT US

Here's how to reach us with your comments and questions:

SQL Server Magazine UPDATE is brought to you by SQL ServerMagazine, the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email