SQL Server Magazine UPDATE, May 16, 2002

SQL Server Magazine UPDATE—brought to you by SQL Server Magazine
http://www.sqlmag.com

THIS ISSUE SPONSORED BY

FREE SQL Tool from NetIQ
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0q250AG

SQL Server Magazine - No Risk Offer!
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ01yA0AZ
(below COMMENTARY)

24 X 7 AVAILABILITY WEB SEMINAR
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0qQh0Ac
(below SQL SERVER NEWS AND VIEWS)

SPONSOR: FREE SQL TOOL FROM NETIQ

Need to know what's going on in your database environment? Quickly and accurately identify and investigate specific SQL Server problems with NetIQ's diagnostic dashboard, SQLcheck. This FREE tool organizes and explains critical information about your database server hardware, its operating system and SQL Server. Get the information you need for efficient database management today. Download SQLcheck now!
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0q250AG

May 16, 2002—In this issue:

1. COMMENTARY

2. SQL SERVER NEWS AND VIEWS

3. ANNOUNCEMENTS

4. HOT RELEASES (ADVERTISEMENTS)

5. RESOURCES

6. NEW AND IMPROVED

7. CONTACT US

1. COMMENTARY

(contributed by Brian Moran, news editor, [email protected])

Have you applied the latest SQL Server security patch? And how can you stay on top of all the security fixes coming down the pike from Microsoft and other sources? Security is an important topic in IT regardless of which technologies you specialize in, and lately I've been thinking about SQL Server security quite a bit. I'm planning to weave security discussions into my SQL Server UPDATE commentary during the next several weeks. But this week, I tell you about the most recent security patch from Microsoft, available online at the following URL, and one way you can stay abreast of Microsoft security patches. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/mS02-020.asp

The patch in Microsoft Security Bulletin MS02-020 (SQL Extended Procedure Functions Contain Unchecked Buffers) addresses an unchecked buffer security vulnerability that could let an intruder either crash your SQL Server or—even worse—run code of the attacker's choice. Neither option is particularly pleasant, and Microsoft's understated recommendation is to "apply the patch immediately to affected systems."The security bulletin provides instructions for applying the patch. Before you download the patch, you need to install SQL Server 2000 Service Pack 2 (SP2) or SQL Server 7.0 SP4. You'll find more details about the specific nature of the vulnerability in the Microsoft article "FIX: SQL Extended Procedure Functions Contain Unchecked Buffers".

Staying up-to-date with the latest security bulletins can be difficult, but that's the way to find a particular vulnerability before intruders do. To stay current, subscribe to the Microsoft HotFix & Security Bulletin Service at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp.

Trying to keep the intruders out without keeping on top of the latest security announcements is like playing video games against a Microsoft Xbox master who knows the secret codes that you don't know. The odds aren't fair, and you'll probably end up dead. The HotFix & Security Bulletin Service will ensure that you have the latest security information from Microsoft. Computer systems will always have undetected security vulnerabilities, and we'll always have intruders. It's the nature of the game. The trick is to be vigilant and proactive in your approach to security management.

SPONSOR: SQL SERVER MAGAZINE - NO RISK OFFER!

Hands-on, how-to articles covering Database Modeling, ADO.NET, XML, Performance Tuning, Security and all of the issues database developers and administrations need to know to manage SQL Server. Subscribe to SQL Server Magazine with this NO RISK offer and, if for any reason, you are not satisfied with your first issue, just write cancel on the invoice and return it to us. Keep the first issue with our compliments - no questions asked. Subscribe today at:
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ01yA0AZ

2. SQL SERVER NEWS AND VIEWS

The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "Has your company participated in Microsoft SQL Server beta programs?" Here are the results (+/- 1 percent) from the 192 votes:

The next Instant Poll question is, "What's the first resource you turn to for troubleshooting SQL Server problems?" Go to the SQL Server Magazine Web site and submit your vote for 1) SQL Server discussion forums, 2) Microsoft online resources (TechNet, Knowledge Base, or Books Online), 3) Other SQL Server professionals you know, 4) Microsoft phone-based support, or 5) Other.
http://www.sqlmag.com

SPONSOR: 24 X 7 AVAILABILITY WEB SEMINAR

Need 24 x 7 Availability?
High-availability networks, systems, and applications are critical to every business. Sign up for our (free!) Webinar taking place on May 14 (sponsored by MKS), and find out how to achieve 24 x 7 availability on Windows 2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load balancing, monitoring, and more. Register today!
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0qQh0Ac

3. ANNOUNCEMENTS

Exclusive in-depth articles, tips, tricks, and code samples all at your fingertips. Content you can't get anywhere else—brought to you by the SQL Server experts you trust such as Kalen Delaney, Itzik Ben-Gan, and others. Increase your productivity today! Go to the following URL.
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0Kqz0Ao

The SQL Server Magazine Master CD gives you realtime, high-speed access to all the articles, code, and expertise from every issue of SQL Server Magazine ever published. Unique search features let you find what you need fast. Order your copy today!
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ01yB0Aa

4. HOT RELEASES (ADVERTISEMENTS)

Companies that treat their data as a strategic asset and invest in its quality are pulling ahead in terms of reputation and profitability. Click here to download the TDWI study to learn more compliments of DataFlux.
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ01xt0AP

IntelliVIEW is an elegant, XML-based Reporting Solution to query, view and publish SQL Server data. IntelliVIEW is lightweight and scalable and with its incredible price-performance, offers an ROI 180% greater than our nearest competitor (Crystal Reports/Brio/BO etc.) Download the free IntelliVIEW client now!
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0qM80Ak

5. RESOURCES

As a SQL Server DBA, you probably use Query Analyzer every day to analyze SQL statements. In his article "Query Analyzer Shortcuts," SQL Server Magazine Senior Technical Editor Michael Otey shows you how to speed the process by using seven keyboard shortcuts that make Query Analyzer a more effective and productive tool. The article appears in the May 2002 issue of SQL Server Magazine and is available online at the following URL:
http://www.sqlmag.com/articles/index.cfm?articleid=24349

Member js is having trouble executing a SQL Server job because his login failed even though he has the appropriate permissions. Offer your advice and read other users' suggestions on the SQL Server Magazine forums at the following URL:
http://www.sqlmag.com/forums/messageview.cfm?catid=8&threadid=6126

(contributed by the Microsoft SQL Server development team)

Q. In the June 2001 issue of SQL Server Magazine, you mentioned that to avoid recompilations, thereby improving performance, you can "try coding the object owner for referenced tables, views, and procedures inside your stored procedures" when submitting a query (e.g., select col1 from dbo.table1). Does SQL Server recompile if two tables with the same name exist in the database (e.g., dbo.table1, fred.table1)? Further, does SQL Server recompile the stored procedure if only dbo.table1 exists in the database.

A. SQL Server recompiles a stored procedure or a cached query plan even if only one table1 exists, because through the recompilation process, SQL Server checks the catalog for the appropriate object that the connection context issuing the query should use. When you don't qualify the owner name, SQL Server enters the compile code and acquires a COMPILE lock on the procedure. SQL Server eventually determines that a new plan isn't required, so at that point, SQL Server doesn't recompile the plan. However, when SQL Server takes the extra step of acquiring a COMPILE lock on the procedure, in situations of heavy load, blocking can occur. For more details about blocking contention, see the Microsoft article "INF: SQL Blocking Due to COMPILE Locks" ( http://support.microsoft.com/default.aspx?scid=kb;en-us;q263889).

Qualifying the table or view and the columns you use is also good practice. Qualifying those entities ensures that the query will continue to work as you expect—even if the underlying tables are altered—because the code explicitly names the tables that hold the columns you need. Otherwise, adding mycol1 to Table2 would cause a namespace clash and break the query. The following code snippet qualifies a table and columns:

SELECT a.mycol1, b.othercol1FROM dbo.Table1    AS a INNER JOIN dbo.Table2    AS b ON a.myid=b.otherid

Send your technical questions to [email protected].

6. NEW AND IMPROVED

(contributed by Carolyn Mascarenas, [email protected])

Red Diamond Software announced DBA Toolkit 2.0, a collection of tools that make routine SQL Server tasks easy for DBAs. The product includes features such as JobStyles, which lets you define backup procedures; JobScheduler, which provides a graphical calendar view of job schedules; and DataScripter, which creates SQL insert statements from your data. The ScriptLibrary feature lets you organize existing scripts and store procedures in user-defined categories. For pricing, contact Red Diamond Software at 303-229-5258.
http://www.reddiamondsoftware.com

7. CONTACT US

Here's how to reach us with your comments and questions:

(please mention the newsletter name in the subject line)

SQL Server Magazine UPDATE is brought to you by SQL Server Magazine,the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email