Wednesday, September 2, 2009

Microsoft disputes password-stealing SQL Server bug

For more than a year, Microsoft has been sitting on a purported SQL Server vulnerability that could enable a malicious insider to obtain users' passwords, claims database security vendor Sentrigo.

The software giant, however, said that the issue is not a security flaw.

The potential bug, which Sentrigo notified Microsoft about last September, involves SQL Server keeping passwords unencrypted in its database memory, Slavik Markovich, CTO at Sentrigo, told SCMagazineUS.com on Tuesday. The issue affects SQL Server 2000, 2005 and 2008, running on Windows operating systems.

Markovich said he believes this is a security issue because it enables any individual with administrative privileges to access SQL Server's process memory and see all the usernames and passwords that are stored for anyone who accessed either the server itself or applications that connect to the server.

“It's something that is security 101, something you never do -- share or see other people's passwords,” he said.

Since people often reuse the same passwords for multiple enterprise systems and for their personal lives, a malicious insider could use the stolen SQL Server credentials to access other systems or a user's personal accounts.

“If someone can see your password, think about all the other systems they could access,” Markovich said.

But Microsoft said that it has “thoroughly investigated” the issue and found that no vulnerability exists, a Microsoft spokesperson told SCMagazineUS.com in an email Tuesday. The software giant has no intention of offering a security update for the issue.

Tuesday, July 14, 2009

SQL Sentry Announces Performance Optimization Software for SQL Server Analysis Services

the developer of award-winning software for Microsoft SQL Server, announced today the availability of monitoring and optimization software for Microsoft SQL Server Analysis Services. SQL Sentry Performance Advisor for Analysis Services provides unparalleled insight into Analysis Services performance, including bottlenecks related to memory and storage systems, aggregation usage, unoptimized queries, and query and processing tasks competing for the same resources.


"Building on the success of Performance Advisor for SQL Server, we are proud to bring exciting new capabilities to the market for managing Analysis Services," said Greg Gonzalez, President and CEO of SQL Sentry. "And when combined with SQL Sentry Performance Advisor for SQL Server and Event Manager, we are providing the only solution in the market covering Microsoft's entire BI platform, including the relational data warehouse (SQL Server), Analysis Services (SSAS), Integration Services (SSIS), and Reporting Services (SSRS)."


"Performance Advisor for Analysis Services is truly a game changer. This is the first software that brings all of the pertinent information together in a clear and concise fashion, providing a level of insight into Analysis Services performance that before now just hasn't been possible," said John Welch, SQL Server MVP, Chief Architect, Mariner.


Performance Advisor for Analysis Services is packed with many groundbreaking features, all designed to simplify the process of optimizing Analysis Services performance. Key Features include:


Powerful SSAS Performance Dashboard

Innovative Workload and Bottleneck Profiling

Capture of all High Impact MDX, XMLA and DMX Commands

Alerting and Response for SSAS Commands and Runtime Deviations

SSAS Cache and Storage System Monitoring

Calendar Views Combining SSAS, SQL Server, SSIS, and SSRS Events

Monitoring and Alerting for SSIS Data Warehousing Jobs and SSRS Reports Pricing and Availability

Saturday, May 23, 2009

Zoho Attempts to Bridge the Cloud and SQL

Everyone knows that the most important thing is the data itself and not the storage or access of it through applications. We don't need Zoho to tell us that. We also know that more and more we are using other storage formats for our data than relational databases -- take XML repositories for instance -- and that we are using other methods to retrieve our data other than SQL.

But what Zoho says we don't know, or don't realize, is that we can use the SQL query language to access our data even when it's not stored within a traditional relational database. At least we can now using Zoho's newest technology CloudSQL.

Friday, April 10, 2009

Server 2008 Service Pack 1 arrives


Microsoft today released Service Pack 1 for all seven editions of SQL Server 2008, its relational database management system that uses Transact-SQL as its primary query language. The update is available in 32-bit, 64-bit, and ia64 flavors from the Microsoft Download Center. SP1 is primarily a roll-up of previous cumulative updates and while there are no new features, Microsoft did highlight the following three improvements:

Slipstream allows administrators to install SQL Server 2008 and Service Pack 1 in a single instance. This decreases the total time for an installation, including a fewer number of reboots, thereby increasing productivity and deployment availability
Service Pack Uninstall allows administrators to uninstall the service pack separately from the database release. This feature also improves DBA productivity, reduces the cost of deployment and improves overall supportability
Report Builder 2.0 Click Once improves the existing SQL Server end-user report authoring application by easing deployment to business users
Microsoft also took the opportunity to note that there have been "over three million downloads" of SQL Server 2008 to date. SQL Server 2008 hit the RTM milestone in August 2008. The CTP of SP1 was released in February.

Sunday, March 15, 2009

DiscountASP.NET Adds SQL 2008 Backup API

ASP.NET hosting and SQL hosting provider DiscountASP.NET (www.discountasp.net) has expanded its Open Control Panel API with the addition of APIs for SQL 2008 Database backup as part of DiscountASP.NET's Open Control Panel Initiative, designed to offer an open hosting system framework that provides maximum control.

According to DiscountASP.NET's Wednesday announcement, customers can access the API library through their control panel and are assigned a unique Authentication Key. Also, a Sandbox Key is provided so that customers can test their applications without the risk of making changes to their hosting account.

In 2006, DiscountASP.NET unveiled the first phase of its Open Control Panel Initiative by introducing an ASP.NET web service API library that customers can use to develop their own web, desktop or mobile applications that interface directly with their web hosting account. This exposed a number of methods to retrieve resource usage information, and manage some IIS functions, such as recycling their application pool. Today, DiscountASP.NET has found more methods for customers to backup their SQL 2008 databases.

"Our control panel API is a move to provide our customers with a next-generation hosting experience." marketing vice president Takeshi Eto said in a statement. "Our vision for the Open Control Panel Initiative is to offer our customers the flexibility and freedom of choice. They can manage their hosting presence using our hosted control panel application or through web services and customized user-driven solutions."

DiscountASP.NET has undergone many improvements in the past few months, increasing options for customers looking for advanced ASP.NET and SQL functionality.

At Microsoft's (www.microsoft.com) Professional Developers Conference in October 2008, DiscountASP.NET announced it had teamed with the software heavy weight to offer a free beta sandbox hosting environment for the Web Deployment Tool, Microsoft's deployment, management and migration tool for web apps, sites and servers.

http://www.thewhir.com/web-hosting-news/103108_DiscountASP.NET_Offers_IIS_Tool_Beta

More recently, in January, DiscountASP.NET partnered with web-based applications provider myLittleTools (www.mylittletools.com) to add myLittleAdmin to DiscountASP.NET's feature set, giving customers free access to the web-based SQL management tool.

Monday, January 19, 2009

SQL DeCryptor 2.2 (Windows)

SQL Decryptor is developed by Imperia Software, to decrypt views, user defined functions and stored procedures in an easy-to-use graphical interface. It works quickly to decrypt items in Microsoft SQL Server 6.5, 7.0, 2000, 2005, 2008 and MSDE. SQL Decryptor allows for easy viewing of encrypted code, of any size.Version 2.2 with best search performance.