home.social
Sign in Create account

#mssqlserver — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #mssqlserver, aggregated by home.social.

  1. Habr @[email protected] ·

    Включаем EPA в FreeTDS и go-mssqldb: приключение на 5 минут

    Представьте: вы теряете контроль над SCCM — одним из самых критичных инструментов управления инфраструктурой. А точкой входа становится обычное подключение к MSSQL, где он хранит свои данные. Злоумышленник перехватывает NTLM-аутентификацию и перенаправляет её на нужный сервер — так работает NTLM relay. Мы в команде Security Engineering решили не ждать эксплуатации этой уязвимости. Меня зовут Булат Гафуров, я инженер по информационной безопасности в Яндексе. В этой статье я расскажу, почему стандартного решения оказалось недостаточно и как мы добавили поддержку механизма EPA в популярные библиотеки, чтобы переключить защиту на стороне MSSQL в режим Require, не лишив Linux- и Windows-сервисы доступа к данным.

    habr.com/ru/companies/yandex/a

    #windows #security #ntlm_relay #ntlm #ntlmrelay #epa #mssql #mssqlserver #microsoft #freetds

    #freetds #microsoft #mssqlserver #mssql #epa #ntlmrelay
  2. Habr @[email protected] ·

    Включаем EPA в FreeTDS и go-mssqldb: приключение на 5 минут

    Представьте: вы теряете контроль над SCCM — одним из самых критичных инструментов управления инфраструктурой. А точкой входа становится обычное подключение к MSSQL, где он хранит свои данные. Злоумышленник перехватывает NTLM-аутентификацию и перенаправляет её на нужный сервер — так работает NTLM relay. Мы в команде Security Engineering решили не ждать эксплуатации этой уязвимости. Меня зовут Булат Гафуров, я инженер по информационной безопасности в Яндексе. В этой статье я расскажу, почему стандартного решения оказалось недостаточно и как мы добавили поддержку механизма EPA в популярные библиотеки, чтобы переключить защиту на стороне MSSQL в режим Require, не лишив Linux- и Windows-сервисы доступа к данным.

    habr.com/ru/companies/yandex/a

    #windows #security #ntlm_relay #ntlm #ntlmrelay #epa #mssql #mssqlserver #microsoft #freetds

    #freetds #microsoft #mssqlserver #mssql #epa #ntlmrelay
  3. Habr @[email protected] ·

    Включаем EPA в FreeTDS и go-mssqldb: приключение на 5 минут

    Представьте: вы теряете контроль над SCCM — одним из самых критичных инструментов управления инфраструктурой. А точкой входа становится обычное подключение к MSSQL, где он хранит свои данные. Злоумышленник перехватывает NTLM-аутентификацию и перенаправляет её на нужный сервер — так работает NTLM relay. Мы в команде Security Engineering решили не ждать эксплуатации этой уязвимости. Меня зовут Булат Гафуров, я инженер по информационной безопасности в Яндексе. В этой статье я расскажу, почему стандартного решения оказалось недостаточно и как мы добавили поддержку механизма EPA в популярные библиотеки, чтобы переключить защиту на стороне MSSQL в режим Require, не лишив Linux- и Windows-сервисы доступа к данным.

    habr.com/ru/companies/yandex/a

    #windows #security #ntlm_relay #ntlm #ntlmrelay #epa #mssql #mssqlserver #microsoft #freetds

    #freetds #microsoft #mssqlserver #mssql #epa #ntlmrelay
  4. Habr @[email protected] ·

    Включаем EPA в FreeTDS и go-mssqldb: приключение на 5 минут

    Представьте: вы теряете контроль над SCCM — одним из самых критичных инструментов управления инфраструктурой. А точкой входа становится обычное подключение к MSSQL, где он хранит свои данные. Злоумышленник перехватывает NTLM-аутентификацию и перенаправляет её на нужный сервер — так работает NTLM relay. Мы в команде Security Engineering решили не ждать эксплуатации этой уязвимости. Меня зовут Булат Гафуров, я инженер по информационной безопасности в Яндексе. В этой статье я расскажу, почему стандартного решения оказалось недостаточно и как мы добавили поддержку механизма EPA в популярные библиотеки, чтобы переключить защиту на стороне MSSQL в режим Require, не лишив Linux- и Windows-сервисы доступа к данным.

    habr.com/ru/companies/yandex/a

    #windows #security #ntlm_relay #ntlm #ntlmrelay #epa #mssql #mssqlserver #microsoft #freetds

    #windows #security #ntlm_relay #ntlm #ntlmrelay #epa
  5. Vlad @[email protected] ·

    Blog post from the past:
    In which I go over potential reasons for why some special characters end up corrupted and displayed as question marks, squares or something completely different in SQL Server.
    vladdba.com/2024/10/04/charact
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  6. Vlad @[email protected] ·

    Blog post from the past:
    In which I go over potential reasons for why some special characters end up corrupted and displayed as question marks, squares or something completely different in SQL Server.
    vladdba.com/2024/10/04/charact
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  7. Vlad @[email protected] ·

    New blog post:
    My guideline on how to handle and test SQL Server backups to ensure their viability and avoid a "Schrödinger's backup" scenario.
    vladdba.com/2026/04/23/test-sq
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #azure

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  8. Vlad @[email protected] ·

    New blog post:
    My guideline on how to handle and test SQL Server backups to ensure their viability and avoid a "Schrödinger's backup" scenario.
    vladdba.com/2026/04/23/test-sq
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #azure

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  9. Vlad @[email protected] ·

    Recently updated post:
    In which I discuss the risks of improperly configured SQL Server linked server connections and provide recommendations for securing them.
    Now with a query to identify improperly configured linked server connections.
    vladdba.com/2023/07/10/securin
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #security

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  10. Vlad @[email protected] ·

    Recently updated post:
    In which I discuss the risks of improperly configured SQL Server linked server connections and provide recommendations for securing them.
    Now with a query to identify improperly configured linked server connections.
    vladdba.com/2023/07/10/securin
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #security

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  11. Vlad @[email protected] ·

    New blog post:
    In which I go over three points that are vital in preventing SQL injection when working with dynamic T-SQL.
    vladdba.com/2026/04/15/dynamic
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  12. Vlad @[email protected] ·

    New blog post:
    In which I go over three points that are vital in preventing SQL injection when working with dynamic T-SQL.
    vladdba.com/2026/04/15/dynamic
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  13. Vlad @[email protected] ·

    New blog post:
    My second contribution to T-SQL Tuesday, about a session that got me interested into the security side of things.
    vladdba.com/2026/04/14/t-sql-t
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #tsql2sday

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  14. Vlad @[email protected] ·

    New blog post:
    My second contribution to T-SQL Tuesday, about a session that got me interested into the security side of things.
    vladdba.com/2026/04/14/t-sql-t
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #tsql2sday

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  15. Vlad @[email protected] ·

    New blog post:
    In which I provide some examples as to why FLOAT isn’t the best option for storing exact financial data in SQL Server.
    vladdba.com/2026/04/11/stop-us
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  16. Vlad @[email protected] ·

    New blog post:
    In which I provide some examples as to why FLOAT isn’t the best option for storing exact financial data in SQL Server.
    vladdba.com/2026/04/11/stop-us
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  17. Vlad @[email protected] ·

    Blog post from the past:
    In which I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814
    vladdba.com/2025/08/29/poc-sql
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  18. Vlad @[email protected] ·

    Blog post from the past:
    In which I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814
    vladdba.com/2025/08/29/poc-sql
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  19. Vlad @[email protected] ·

    I've noticed today that Microsoft Bing Webmaster Tools has a new "AI Performance" tab.
    Apparently, my SSMS 22 config blog post has been cited by "Microsoft Copilots and Partners" a total of 284.7K times since I've published it ~6 months ago. Pretty neat, although this doesn't really translate into visits.

    Link to blog post: vladdba.com/2025/11/16/my-sql-

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  20. Vlad @[email protected] ·

    I've noticed today that Microsoft Bing Webmaster Tools has a new "AI Performance" tab.
    Apparently, my SSMS 22 config blog post has been cited by "Microsoft Copilots and Partners" a total of 284.7K times since I've published it ~6 months ago. Pretty neat, although this doesn't really translate into visits.

    Link to blog post: vladdba.com/2025/11/16/my-sql-

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  21. Ænðr E. Feldstraw @[email protected] ·

    Why does #MSSQLServer allow table indexes that have no name? How are they created? What is their use?

    #dba #ssms #microsoft

    #mssqlserver #dba #ssms #microsoft
  22. Vlad @[email protected] ·

    New blog post:
    In which I cover where to find the 4 new export formats in SSMS 22.4.1 and one gotcha you need to be mindful of.
    vladdba.com/2026/03/20/ssms-ex
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  23. Vlad @[email protected] ·

    New blog post:
    In which I cover where to find the 4 new export formats in SSMS 22.4.1 and one gotcha you need to be mindful of.
    vladdba.com/2026/03/20/ssms-ex
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  24. Vlad @[email protected] ·

    Blog post from the past:
    In which I explore the impact of SQL Server 2025’s #PBKDF2 hashing algorithm on password cracking and compare it with SQL Server 2022
    vladdba.com/2025/06/23/looking
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #pbkdf2 #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql
  25. Vlad @[email protected] ·

    Blog post from the past:
    In which I explore the impact of SQL Server 2025’s #PBKDF2 hashing algorithm on password cracking and compare it with SQL Server 2022
    vladdba.com/2025/06/23/looking
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #pbkdf2 #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql
  26. Vlad @[email protected] ·

    Blog post from the past:
    In which I cover ANSI_NULLS and QUOTED_IDENTIFIER, two potentially dangerous SET options that stored procedures inherit from your session when created.
    vladdba.com/2025/03/03/dangero
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  27. Vlad @[email protected] ·

    Blog post from the past:
    In which I cover ANSI_NULLS and QUOTED_IDENTIFIER, two potentially dangerous SET options that stored procedures inherit from your session when created.
    vladdba.com/2025/03/03/dangero
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  28. Vlad :verified: @[email protected] ·

    New blog post:
    Outlining the process of changing the edition of a SQL Server instance on Linux
    vladdba.com/2026/02/03/change-
    #linux #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #linux #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql
  29. Vlad @[email protected] ·

    New blog post:
    Outlining the process of changing the edition of a SQL Server instance on Linux
    vladdba.com/2026/02/03/change-
    #linux #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #linux #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql
  30. Vlad @[email protected] ·

    New blog post:
    Outlining the process of changing the edition of a SQL Server instance on Linux
    vladdba.com/2026/02/03/change-
    #linux #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #linux #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql
  31. Vlad :verified: @[email protected] ·

    New blog post:
    In which I cover the process of setting up SQL Server 2025 on Ubuntu 24.04, connecting and restoring a sample database.
    vladdba.com/2026/02/02/sql-ser
    #linux #ubuntu #virtualbox #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #linux #ubuntu #virtualbox #sqlserver #sqldba #microsoftsqlserver
  32. Vlad @[email protected] ·

    New blog post:
    In which I cover the process of setting up SQL Server 2025 on Ubuntu 24.04, connecting and restoring a sample database.
    vladdba.com/2026/02/02/sql-ser
    #linux #ubuntu #virtualbox #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #linux #ubuntu #virtualbox #sqlserver #sqldba #microsoftsqlserver
  33. Vlad @[email protected] ·

    New blog post:
    In which I cover the process of setting up SQL Server 2025 on Ubuntu 24.04, connecting and restoring a sample database.
    vladdba.com/2026/02/02/sql-ser
    #linux #ubuntu #virtualbox #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #linux #ubuntu #virtualbox #sqlserver #sqldba #microsoftsqlserver
  34. Vlad :verified: @[email protected] ·

    New blog post:
    My first ever contribution to T-SQL Tuesday.
    vladdba.com/2026/01/20/t-sql-t
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #tsql2sday

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  35. Vlad @[email protected] ·

    New blog post:
    My first ever contribution to T-SQL Tuesday.
    vladdba.com/2026/01/20/t-sql-t
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #tsql2sday

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  36. Vlad @[email protected] ·

    New blog post:
    My first ever contribution to T-SQL Tuesday.
    vladdba.com/2026/01/20/t-sql-t
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #tsql2sday

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  37. Vlad @[email protected] ·

    Blog post from the past:
    In which I cover ways of speeding up SELECT COUNT in SQL Server as well as some myths about best practices when it comes to SELECT COUNT.
    vladdba.com/2023/08/21/speedin
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  38. Vlad @[email protected] ·

    Blog post from the past:
    In which I cover ways of speeding up SELECT COUNT in SQL Server as well as some myths about best practices when it comes to SELECT COUNT.
    vladdba.com/2023/08/21/speedin
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  39. Vlad :verified: @[email protected] ·

    New blog post:
    In which I cover some unpleasant side-effects of using heaps in SQL Server for anything else than staging tables.
    vladdba.com/2025/12/30/the-hid
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  40. Vlad @[email protected] ·

    New blog post:
    In which I cover some unpleasant side-effects of using heaps in SQL Server for anything else than staging tables.
    vladdba.com/2025/12/30/the-hid
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  41. Vlad @[email protected] ·

    New blog post:
    In which I cover some unpleasant side-effects of using heaps in SQL Server for anything else than staging tables.
    vladdba.com/2025/12/30/the-hid
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  42. Vlad :verified: @[email protected] ·

    New blog post:
    My most popular blog posts in 2025 by views, likes, and comments.
    vladdba.com/2025/12/27/most-po
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  43. Vlad @[email protected] ·

    New blog post:
    My most popular blog posts in 2025 by views, likes, and comments.
    vladdba.com/2025/12/27/most-po
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  44. Vlad @[email protected] ·

    New blog post:
    My most popular blog posts in 2025 by views, likes, and comments.
    vladdba.com/2025/12/27/most-po
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  45. Vlad @[email protected] ·

    Blog post from the past:
    In which I demo how to import and query HTML table data in SQL Server using only T-SQL.
    vladdba.com/2023/11/03/import-
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  46. Vlad @[email protected] ·

    Blog post from the past:
    In which I demo how to import and query HTML table data in SQL Server using only T-SQL.
    vladdba.com/2023/11/03/import-
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  47. Vlad :verified: @[email protected] ·

    New blog post:
    In which I cover a sometimes overlooked gotcha when using page compression on heaps.
    vladdba.com/2025/12/09/page-co
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  48. Vlad @[email protected] ·

    New blog post:
    In which I cover a sometimes overlooked gotcha when using page compression on heaps.
    vladdba.com/2025/12/09/page-co
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  49. Vlad @[email protected] ·

    New blog post:
    In which I cover a sometimes overlooked gotcha when using page compression on heaps.
    vladdba.com/2025/12/09/page-co
    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

    #sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba
  50. @haitchfive @[email protected] ·

    BobSQL

    Based on tsqlparser, tgpiler, and dxp

    github.com/ha1tch/tgpiler

    github.com/ha1tch/tsqlparser

    github.com/ha1tch/dxp

    All the pieces are there, so why not?

    #tsql #bobsql #database #db #foss #golang #sql #microsoft #mssql #mssqlserver #sqlite #postgres

    #tsql #bobsql #database #db #foss #golang