Validating Password Expiration

Posted on May 27, 2023 by way0utwest

I would guess that the majority of instances I’ve had to manage in my career were those that I didn’t initially install and configure. I’ve inherited more instances than I would bother to count, and I often need to double-check what’s been done in the past. As noted in the series on new jobs from Tracy and Josephine, there are a lot of settings to check and adjust to meet your standards.

While backups are often my first priority, security is second. I usually want to know who the sysadmins are and ensure systems are patched and configured to reduce the attack surface area. There is one other security check that I think I haven’t always been overly concerned about checking: password expiration.

There was a post from Steve Stedman recently that mentioned the way to alter logins and ensure they have CHECK_EXPIRATION set ot on, which ensures that passwords expire and need to get changed. This is especially important for sysadmins. I try to ensure those accounts in that role are secured with AD, but there have been times when SQL accounts are used. Usually, I disable sa, but I’ve seen other accounts, especially those used by monitoring systems who seem to think sysadmin is required. It’s not.

I don’t know that I’ve run queries to check the value in the is_expiration_checked column is appropriately set. If it’s not, then Steve’s post above will help you change those logins. That’s a handy script to have set up and use to ensure that all logins have this set. In fact, this is one of those areas where new logins could be created by junior administrators and not set the option. Perhaps this is something you want to run on a regular basis, perhaps weekly, to ensure that if any new SQL logins are created, they are done so with the password expiration set.

Ideally, no one would ever create logins without expiration set, but sometimes things happen. I’ve seen monitoring systems set up with sysadmin privileges and passwords that never expire. A surefire way to dramatically increase the risk to your database systems. It would be better to have a known, consistent process for setting up accounts. Some companies have specific scripts, or snippets, that administrators use when tickets are filed. One customer of mine had even linked a script to a Slack command in a sysadmin channel. Only admins could use this channel, but they could use Slack to kick off scripts to create logins, add roles, and force password changes.

No matter how you choose to handle security at a process level, it is important to include monitoring and remediation for issues. Mistakes will get made, settings altered, and exceptions approved. Sometimes we can fix things, sometimes we cannot, but knowing what our environment looks like and where we have potential issues is important not only for getting the work complete but getting the approvals to make changes that ensure better security. My recommendation is that you ensure you have a way to regularly check your systems, automatically fix issues where appropriate, and report on those that need additional approvals.

Steve Jones

Posted in Editorial | Tagged , , | 2 Comments

Using Data Masker on Chinese Surnames

Posted on May 26, 2023 by way0utwest

A customer had a question recently on masking Chinese characters. I thought that was interesting, so decided to test this out. This is a short post on using SQL Data Masker to accomplish this task, but I’ll a longer one on the Redgate Product Learning site.

Setting Up A Table

The first thing here was to get some test data. I was looking for Chinese names, since that was the request. I found this page on the most popular Chinese surnames. With that in mind, I build a small table and a few insert statements with this code. I only used the names Chén, Yáng, Zhào, Huáng, Zhōu, Wú, and one Western name for the demo

 CREATE TABLE dbo.CustomerFromChina
( customerid INT NOT NULL CONSTRAINT CustomerFromChinaPK PRIMARY KEY ,
   customersurname nvarchar(100)
)
GO
INSERT dbo.CustomerFromChina
   (customerid, customersurname)
VALUES
   (1, N'陈'),
   (2, N'杨'),
   (3, N'赵'),
   (4, N'黄'),
   (5, N'周'),
   (6, N'吴'),
   (7, N'Joe')
GO

I ran this and saw the results I needed.

query results with Chinese surnames

Creating a New Data Set

SQL Data Masker ships with a number of masking sets, but you can add your own. There is a process, but essentially you create a text file with the data in it and the udef extension.

The masking sets are in Program Files below the Redgate folder. This is an administative folder, so you need to have admin rights to make a new file. I did that and opened my file in VSCode, which defaults to UTF-8 format. Since I want to use Chinese characters, I need to use a text file that supports unicode.

I entered four names into my test file and saved it. You can see the entries here.

2023-05-26 12_29_02-chinesesurnames.udef - Visual Studio Code

I made the file name, chinesesurnames.udef. Make sure that this doesn’t have the .txt extension at the end.

Setting The Masking Set

I opened SQL Data Masker and created a new masking set. I connected this to my database and then went to the Misc. Setup tab. I didn’t see my set (I had this open), so I clicked “Refresh” at the lower left. This brought the data set into the list view. As you can see, I should have capitalized the file name.

2023-05-26 12_30_25-chinese(unsaved)_ Data Masker for SQL Server.

If I clicked “Sample” at the bottom, I see my data:

2023-05-26 12_31_34-chinese(unsaved)_ Data Masker for SQL Server

Note that the sample window shows a bunch of rows, but they are repeating the same four values.

Next, I added a new Substitution rule. I picked the CustomerFromChina table and the ChineseSurname column. I also selected my custom data set. This is noted on the right of the image below.

2023-05-26 12_32_22-Edit Substitution Rule

I saved this masking set and I was ready to test.

Testing

I first connected to the database and ran the query above in one window. Then I opened a vertical tab set, which moved this window to the right.

Next, I ran the masking set, which was quick on 7 rows of data. I then opened a new query window on the left side of SSMS and ran the same query  I’d run on the right. You can see the results below:

2023-05-26 12_36_26-SQLQuery1.sql - ARISTOTLE.sandbox (ARISTOTLE_Steve (57))_ - Microsoft SQL Server

In the image, the right has the original data. CustomerID 1 is Chén on the right, but on the left, this is now Liú. The others are also changed, with Joe also being masked to Liú.

This worked.

You can do the same thing with custom masking sets, in any Unicode format or language.

SQL Data Masker is a great product for managing a set of update scripts that will remote PII data from a database. It is clunky, but it works well for building and updating a project across time and with a team. Way better than T-SQL scripts.

Give it a try today.

Posted in Blog | Tagged , , , | 1 Comment

A New Word: Looseleft

Posted on May 26, 2023 by way0utwest

looseleft – the feeling of loss upon finishing a good book, sensing the weight of the back cover locking away the lives of characters you’ve gotten to know so well.

I feel this often. I think this is one reason I read series. Even when they end, this feeling is lessened because there are others to read, or re-read, as I do regularly.

However, Stephen King and Harlen Coben as favorite authors who often write novels about one set of characters that I love and get to know and then forever are stuck remembering the small part of their lives I shared.

From the Dictionary of Obscure Sorrows

Posted in Blog | Tagged , | Comments Off on A New Word: Looseleft

Using ChatGPT for Writing

Posted on May 26, 2023 by way0utwest

I have been experimenting more and more with ChatGPT on a regular basis. I’m interested and curious how this will help. I had a friend at one of the large FANG companies note that they found ChatGPT to be very helpful in their job, with assistance in various things. Their quote:

”…I used it to collaborate, having a design discussion, writing requirements, comments and document my code (!!), improve my writing and find the gap and provide suggestions…”

I thought that was interesting, so I sent in this prompt: write a one page post in the style of http://www.voiceofthedba.com that summarizes this article https://www.madeiradata.com/post/home-experiments-and-stacked-bar-graphs

I often find links that catch my eye, read them, and save them in a note for a future editorial. This time I asked ChatGPT.

This is part of a series of experiments with the ChatGPT and other AI systems.

The Results

What I got from ChatGPT is below. I read it and then wrote my own editorial, which was called The Best Graph. Mine is quite different, and I think, it’s better. I’m not sure the response below summarizes the post correctly, I don’t know it’s in my style (maybe parts), and ultimately, it’s a summary, not a commentary. Maybe that’s on me. I didn’t specify an editorial or opinion.

Read them both and let me know which one you like more, which you think works better.

The ChatGPT Response

In a recent blog post on Madeira Data Solutions, author Lisa B. shares her findings on the use of stacked bar graphs in visualizing data from home experiments. While stacked bar graphs are commonly used in business and marketing contexts, Lisa explores their potential usefulness in a personal setting.

Lisa begins by describing her home experiments, which involve testing the efficacy of various cleaning products. She notes that while she initially used line graphs to track the results of her tests, she found that stacked bar graphs were more effective in illustrating the relative performance of each product.

Lisa goes on to provide a detailed explanation of stacked bar graphs and their components, including the use of color-coding and labels to differentiate between different categories and subcategories. She also notes that stacked bar graphs are useful in highlighting changes over time and in comparing data across different groups.

One of the key takeaways from Lisa’s post is the importance of choosing the right type of graph for a given dataset. While line graphs may be appropriate for tracking changes in a single variable over time, stacked bar graphs may be more useful when comparing multiple variables or subcategories. By selecting the appropriate type of graph, researchers can more effectively communicate their findings and insights to others.

Overall, Lisa’s post provides a useful overview of stacked bar graphs and their potential applications in a personal, as well as professional, context. Whether you’re conducting home experiments or analyzing business data, it’s important to choose the right type of graph to effectively convey your findings.

Posted in Blog | Tagged , , , | 6 Comments