Embed security and secure your data

Security!! A word – that everybody want, whatever it may for - a life, money or a job. In an IT world this term is often used, and asked by the client, the customer or the end user because it is closely attached to the information they are providing or storing or exchanging with each other. It can create a chaos if an ounce of the information is leaked or spread publicly; refer the case about classified US Military info available, reported in July-2007 by Network World.  

So, what we really have to care about that every piece of work that we do should be secure - by default, and this applies to every technology. That means whatever we work on, we should follow and implement the security policies to build the robust and secure product. Recently, I was researching about security and I found a link about Microsoft Security Development Lifecycle (SDL). It is since 2004 that Microsoft has made SDL mandatory to follow for its entire product range.  I would advise you to follow the same when you make a product for a business environment, communication software such as messenger or dealing with the sensitive information. 

Since 2004, most of the product from Microsoft has built-in features to tighten security. This applies to SQL server as well; you can see that SQL Server 2005 has great security features i.e. you can enforce password policy on your database server to ensure that the passwords that your users are crating are strong. Apart from this   now it is not necessary to assign system administrator rights to run profile, the only permission user requires is ALTER TRACE to run profiler. You may refer my article on how to secure SQL server for more pointers.

Microsoft publish security bulletin every month which will give advice you if you required installing any patch on your system. And to make this procedure easy for Windows operating systems and Office product Microsoft is offering Security Compliance Management Toolkit Series. Also to keep your system free from Viruses or malware Microsoft Assessment and Planning (MAP) toolkit is useful.

So, all in all we all should be more cautious when we are dealing with sensitive data and should improve by following SDL.

Read More

Common Mistakes in SQL Server - Part 5

Last to Last week we discussed how Null Values can cause a trouble in Common Mistakes in SQL Server – Part 4. This I will discuss about Auto Growth feature of SQL Server, and how it can impacts us.

What is Auto Growth?

Auto Growth is a feature that allowed database files (primary, secondary and log) to expand when database file becomes full - without manual intervention.

Auto Growth feature is really useful when we do not want to increase the size of database files manually. There are two ways you can set auto growth – using SQL Server Management Studio (SSMS here after) and T-SQL. Auto Growth can be configured – In Percent and In Megabytes.

How Auto Growth can impact us?

Now that we know what Auto Growth feature in SQL Server is; I’ll describe how this feature can impact us badly if we do not  configured this option carefully . Below is the table that will give you an idea what would happen if database file reaches to its threshold value and it needs to expand!!

See the calculation below when Auto Growth option is configured with in Percentage:

Configured to grow "In Percentage"
	File Size (before growth)	Growth - 10%	File Size (after growth)
1st time	5000	500	5500
2nd time	5500	550	6050
3rd time	6050	605	6655
4th time	6655	665.5	7320.5
5th time	7320.5	732.05	8052.55
6th time	8052.55	805.255	8857.805
7th time	8857.805	885.7805	9743.5855
8th time	9743.5855	974.35855	10717.94405
9th time	10717.94405	1071.794405	11789.73846
10th time	11789.73846	1178.973846	12968.7123

You will notice that the database growth is exponential when it is configured with Percentage i.e. 10%.  This is because this is calculated in cumulative manner; the value I have used here is 20 times lower than what we used to work on production systems generally.  If we set Auto Growth in Percentage it will occupy our HD space unnecessarily and creates fragmentation. Moreover when database files are expanding you will notice high volume in CPU spikes and I/O cycle.   

What is the best practice for Auto Growth option?

Best practice is to configure Auto Growth option in static value. See the sample calculation below:

	File Size (before growth) MB	Growth - 500MB	File Size (after growth) MB
1st Time	5000	500	5500
2nd Time	5500	500	6000
3rd Time	6000	500	6500
4th Time	6500	500	7000
5th Time	7000	500	7500
6th Time	7500	500	8000
7th Time	8000	500	8500
8th Time	8500	500	9000
9th Time	9000	500	9500
10th Time	9500	500	10000

Database grows in a controlled manner when Auto Growth is configured with the static/fix value in comparison to Percentage i.e. 10%.  The value I have used here is 20 times lower than what we used to work on production systems generally.   
 

It is true that now a day’s storage costs are lower down for desktops or home systems but it is really very costly when it comes to servers and data centers and this scenario will just add overhead to costing for storage solutions. So, the best bet is to configure Auto Growth with static value.

I would advise to configure Auto Growth option to static value only.

Read More