How to hash sensitive data for maximising security in SQL Server 2005 and later versions?

SENSITIVE DATA! It’s an interesting topic! In this post I’m trying to explain how to hash data to increase security during ETL. Assume that we have sensitive data stored in several secured source systems. The source systems are located in different countries and different regions. As the source systems themselves are secured, how we can cover data security needs during ETL process to read data from source systems and load into staging area? Apart from using secured network infrastructure, VPN, network tunnelling etc. we need to cover data layer security to extract sensitive data. One of the best ways is hashing data when it is extracting from source databases. Hashbytes is a T-SQL function that is available in SQL Server 2005 and later. As you might know there are many hashing algorithms, but, different SQL Server versions are supporting different range of hashing algorithms. For instance SHA1 is supported by SQL Server 2005 and later, but, if you are looking more secure hashing systems like SHA2, 256 (32 bytes) or 512 (64 bytes), you should use SQL Server 2012. Actually the hashbytes function will return null in earlier versions of SQL Server. If you are looking for a higher level of security like SHA3 that is originally known as “Keccak” you should wait for it for a long time as based on my investigations it is not supported even in SQL Server 2014 OR you can write your own SHA3 code OR just rely on some third party codes available on the Internet! So let’s get our hands dirty with using hashbytes in different versions of SQL Server.

Continue reading “How to hash sensitive data for maximising security in SQL Server 2005 and later versions?”

What is Hekaton?

First of all, I’d like to point to the fact that there is almost always a bottleneck with OLTP database’s performance that is related to disk speed. So in-memory processing can improve the current poor performance with disk-based tables significantly as well as achieving scalability.

In a very simple and quick explanation, Hekaton is new feature coming with SQL Server 2014 to handle in-memory processing for OLTPs. Actually it is something live xVelocity for OLAP. But, how Hekaton can help for improving OLTP performance and scalability? The answer is that SQL Server 2014 is trying to achieve these goals by using


  • Optimised algorithms to access memory-resident data
  • Eliminating logical locks using a concurrent control method for RDBMS (Relational Database Management Systems) that assumes that multiple transactions can complete without affecting each other, so that, the transactions can commit without locking the source data. This is called Optimistic Concurrency Control (OCC).
  • Using lock-free objects to access all data, so threads that perform transactional work do not use locks for concurrency control.
  • Using a new concept in SQL Server 2014 called Native Compilation. Native compilation refers converting programming constructs to native code, which consists of processor instructions that can be executed by the CPU without the need for further compilation or interpretation. So, SQL Server can natively compile stored procedures that access memory-optimized tables. Native compilation allows faster data access and more efficient query execution, than traditional, interpreted Transact-SQL.

Microsoft claims that “Use of main memory can result in performance gains from a few percentage points of performance improvement, to 20 times performance improvement.”

Continue reading “What is Hekaton?”

Installing SQL Server 2014 CTP1

  • After downloading the SQL Server 2014, mount the media file downloaded and run “setup.exe”
  • In SQL Server Installation Centre click on “Installation”

image

  • Click on “New SQL Server stand-alone installation or add features to an existing installation”

image

Note that if you have any of previous versions of SQL Server installed on your machine the setup process will fail because this release of SQL Server cannot be installed in until the existing instances of SQL Servers are uninstalled.

image

If you click on “Failed” you can read the complete error message that is “Previous SQL product installation failed. A SQL product other than SQL Server 2014 CTP1 is detected. You cannot install this release until the existing instances of SQL products are uninstalled.”

image

Continue reading “Installing SQL Server 2014 CTP1”

How to define database owner SQL server wide

What does it actually mean that the database doesn’t have a database owner?! It seems odd, but, it is possible. In some cases that the database is created by an application it really happens that the database doesn’t have any database owner. For instance, the databases  generated by CRM Deployment Manager doesn’t have database owner. So what if we had a bunch of databases in the SQL Server that doesn’t have any database owners? Okay, let me explain. I’ve faced to a situation that we needed to create some database diagrams for many databases and all of those databases where CRM databases created by CRM Deployment Manager. Hence, when we were trying to generate a database diagram an error message were raising saying the database doesn’t have DB owner.  So it was very time consuming if we wanted to define a DB owner for each database individually using the GUI. The following code will define a particular database owner for the databases server wide. (In our situation it was a service user.)

Continue reading “How to define database owner SQL server wide”