SQL Server Magazine UPDATE—brought to you by SQL Server Magazine
http://www.sqlmag.com and SQL Server Magazine Connections

http://lists.sqlmag.com/cgi-bin3/flo?y=ePLT0FgQMn0BRZ0ggP0AW

THIS ISSUE SPONSORED BY

Get a FREE License for AUTHENTIC 5

SQL Server Magazine University e-Learning Center
(below COMMENTARY)

Find Answers to Your SQL Server Questions
(below NEWS AND VIEWS)


SPONSOR: GET A FREE LICENSE FOR AUTHENTIC 5

AUTHENTIC 5 is the premier XML content creation solution developed by Altova, the leading XML tools provider! AUTHENTIC 5 is a customizable, light-weight, and easy-to-use XML document editor, that allows business users to create and edit content through a web-enabled interface that resembles a word processor. Get your FREE license HERE!
http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ058G0Av


March 27, 2003—In this issue:

1. COMMENTARY

  • Upgrade to Books Online SP3

2. SQL SERVER NEWS AND VIEWS

  • Code Execution Vulnerability in Windows Script Engine
  • SQL Server 10th Anniversary Contest Winding Down
  • Results of Previous Instant Poll: Security Gains?
  • New Instant Poll: SQL Server Experience

3. ANNOUNCEMENTS

  • Join the HP & Microsoft Network Storage Solutions Road Show!
  • T-SQL Solutions Available Free Online

4. RESOURCES

  • What's New in SQL Server Magazine: Preparing for Yukon
  • Hot Thread: Broken Ownership Chain on a Linked Server
  • Tip: Deleting Spaces in a SQL Server 6.5 Char Column

5. HOT RELEASES (ADVERTISEMENTS)

  • SQL Server Magazine Connections 3-for-1 Offer
  • Get the Best SQL Server Resource Available

6. NEW AND IMPROVED

  • Back Up and Recover Your Database
  • Encrypt SQL Scripts

7. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY

  • UPGRADE TO BOOKS ONLINE SP3

  • (contributed by Brian Moran, news editor, brianm@sqlmag.com)

    By now, you know that SQL Server 2000 Service Pack 3 (SP3) exists, even if you haven't installed it. However, many people don't realize that a new version of SQL Server 2000 Books Online (BOL) ships with SP3. This full refresh of BOL is separate from SP3, and you can download it at http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp even if you don't plan to apply SP3 right away.

    The updates in BOL include some crucial changes. As you know, every BOL topic includes a feedback button that lets customers suggest changes or point out errors in the document. The new BOL incorporates changes that customers have suggested. The SP3 version of BOL also corrects documentation errors that customers reported after Microsoft released the previous BOL update. And Microsoft has added topics that document SQL Server 2000 SP3 functionality.

    You can install the BOL update so that it completely overwrites the previous version, or you can install it beside the previous version. I prefer to do a separate installation because I can't predict when I might want to have a copy of the previous BOL version. Keeping the two copies is especially helpful with SP3 because some topics—such as "Cross DB Ownership Chaining"—are related specifically to SP3 changes. I strongly recommend keeping an older version of BOL. It won't take up much space, and it's better to be safe than sorry.

    You can easily distinguish the new BOL version from an older version by looking for the title-bar text "SQL Server 2000 Books Online (Updated - SP3)." In addition, each page that contains a new or changed entry is marked with the tag "New Information-SQL Server 2000 SP3." Microsoft claims that this marking system lets you search for new information and changes. However, such a search isn't as easy as it sounds. First, the changed content isn't specifically identified. Sure, you'll know that something on the page has changed, but you won't necessarily know what that something is. Second, the BOL search function seems to be limited to 500 hits. Searching for the term "SQL" returns only 500 hits, even though the actual number of references is much higher. Searching for the tag to see what's changed in this BOL version also returns 500 hits. It's hard to know for sure how many pages have actually changed, but it's certainly more than 500.

    Despite these limits, having access to this updated documentation is essential. Often, being an expert simply means being able to find the answer faster than anyone else. Don't handicap yourself by working with anything less than the most up-to-date copy of BOL.


    SPONSOR: SQL SERVER MAGAZINE UNIVERSITY e-LEARNING CENTER

    SQL Server Magazine University (SSMU) e-Learning Center delivers LIVE quality technical training at your desktop. Learn practical SQL Server skills from MCTs, MVPs, SQL Server Magazine authors, and SQL Server gurus and industry leaders such as Kalen Delaney, Morris Lewis, Brian Moran, Itzik Ben-Gan, and others that you've come to trust. Finally, a complete training program led by SQL Server experts with real-life business application experience—not just theory, but real, practical application! For an online schedule of SQL Server Magazine University e-Learning Center events, please click here:
    http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ067v0Ai


    2. SQL SERVER NEWS AND VIEWS

  • CODE EXECUTION VULNERABILITY IN WINDOWS SCRIPT ENGINE

  • If you're running SQL Server on Windows, you need to know that a new vulnerability in Windows Script Engine can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Windows Script Engine for JScript processes information. Microsoft has released Security Bulletin MS03-008, "Flaw in Windows Script Engine Could Allow Code Execution (814078)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin. You can get more information about the vulnerability and link to download sites at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-008.asp .

  • SQL SERVER 10TH ANNIVERSARY CONTEST WINDING DOWN

  • You're running out of time to test your SQL Server knowledge and win prizes in SQL Server Magazine and Microsoft's 20-week trivia contest to celebrate SQL Server's 10th anniversary on the Windows platform. Since November 20, contest participants have tested their SQL Server knowledge by answering quiz questions, and their responses have qualified them to win biweekly prizes. As the contest draws to a close, all participants are in the running for the grand prize: a Microsoft Xbox video-game console including two controllers and three Xbox games. The final day to enter the contest is April 9, with the drawing for the grand prize occurring on April 10. To enter the contest, visit SQL Server Magazine's SQL Server 10th Anniversary Web page at http://www.sqlmag.com/quiz/ .

  • RESULTS OF PREVIOUS INSTANT POLL: SECURITY GAINS?

  • The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "Do you think that your organization's network is more secure or less secure than it was a year ago?" Here are the results (+/- 1 percent) from the 233 votes (deviations from 100 percent are due to rounding errors):
    • 79% More secure
    • 12% Less secure
    • 10% Not sure

  • NEW INSTANT POLL: SQL SERVER EXPERIENCE

  • The next Instant Poll question is "How long have you worked with SQL Server?" Go to the SQL Server Magazine Web site and submit your vote for 1) 1 year or less, 2) 1-3 years, 3) 3-6 years, 4) 6-9 years, or 5) 10 years—I'm a veteran.
    http://www.sqlmag.com

    SPONSOR: FIND ANSWERS TO YOUR SQL SERVER QUESTIONS

    Inside the new March 2003 release of the SQL Server Magazine Master CD, you'll find a gold mine of SQL Server code, tips, and information! PLUS, you'll receive the entire T-SQL Solutions newsletter article archive in addition to the entire article archive of SQL Server Magazine! Here's your opportunity for realtime access to expert information right on your desktop. Search by keyword, subject, author, or issue. Order your one-year subscription today!
    http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ0KrA0AB


    3. ANNOUNCEMENTS


    (brought to you by SQL Server Magazine and its partners)

  • JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!

  • Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money—and make your job easier! There is no fee for this event, but space is limited. Register today!
    http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ07cD0Ad

  • T-SQL SOLUTIONS AVAILABLE FREE ONLINE

  • The T-SQL Solutions Web site is now available free to registered users. To access new articles, tips, archived articles, and associated code, simply complete an online registration form! The site features columns by SQL Server gurus as well as an active T-SQL forum and Instant Poll. Register today!
    http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ0Kqz0A6

    4. RESOURCES

  • WHAT'S NEW IN SQL SERVER MAGAZINE: PREPARING FOR YUKON

  • SQL Server 7.0 transformed SQL Server's underlying database-engine architecture, but the way DBAs manage the server remained essentially the same. Although Yukon features the same underlying architecture, the release has big changes in store for DBAs. You can get ready for these changes by starting to evaluate when and where to use the new Microsoft .NET Common Language Runtime (CLR) languages in your environment. In his April SQL Server Magazine column "Preparing for Yukon," Michael Otey explains how to take this crucial first step. Read the full article online at
    http://www.sqlmag.com/articles/index.cfm?articleid=38139

  • HOT THREAD: BROKEN OWNERSHIP CHAIN ON A LINKED SERVER

  • Luther has created some views of a database located on a linked server. The linked server is in the same domain as Luther's server, he is an administrator on both servers, and both servers use Windows authentication. Luther wants to use an application role to edit some records in the views. However, he gets a broken-ownership-chain error because the application role doesn't have permissions on the underlying objects in the remote database. How can he work around this limitation? Offer your advice and read other users' suggestions on the SQL Server Magazine forums at the following URL:
    http://www.sqlmag.com/forums/messageview.cfm?catid=3&threadid=14029

  • TIP: DELETING SPACES IN A CHAR COLUMN

  • (contributed by Microsoft's SQL Server Development Team, questions@sqlmag.com)

    Q. I need to clean up the data that users input into the database. How can I remove extraneous spaces in the character (char) column in SQL Server 6.5?

    A. Although the question asks for a SQL Server 6.5 solution, let's first look at the SQL Server 2000 solution for removing extraneous spaces. In SQL Server 2000, you can implement a user-defined function (UDF), such as the one that Listing 1 shows, to remove the spaces. The UDF loops through the string argument, looking for repeating spaces; when it finds repeating spaces, the code includes only the first space in the returned string. Note that in Listing 1's mytrim() function, if you pass a NULL value, SQL Server returns a NULL value. If the string is empty or contains only spaces, SQL Server returns an empty string. And the code removes only extraneous spaces.

    To use the UDF that Listing 1 shows with pre-SQL Server 2000 releases, which don't support UDFs, you must make some modifications. You can either place the code inline or create a stored procedure and use an output parameter to return the result. Then, you can use the result in your final SELECT statement. However, if you use a stored procedure, you have to pass data through the procedure by using a cursor loop because the stored procedure can't accept a tabular argument. The advantage of using a UDF instead of inline code or a stored procedure is that T-SQL syntax lets you apply the UDF to all char column occurrences in your SELECT statement without the need for a loop.

    Send your technical questions to questions@sqlmag.com.

    5. HOT RELEASES (ADVERTISEMENTS)

  • SQL SERVER MAGAZINE CONNECTIONS 3-FOR-1 OFFER

  • Want technical drilldowns into SQL Server plus interaction with SQL Server Magazine writers and Microsoft product architects? Register for SQL Server Magazine Connections and get FREE access to Microsoft ASP.NET Connections and Visual Studio Connections!
    http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ0ggP0Ah

  • GET THE BEST SQL SERVER RESOURCE AVAILABLE

  • Subscribe now to SQL Server Magazine and receive 12 information-packed issues delivered to your doorstep or your desktop. PLUS, you'll get FREE access to the SQL Server Magazine article archive on the Web!
    http://lists.sqlmag.com/cgi-bin3/flo/y/eQFd0FgQMn0BRZ08Ve0Ay

    6. NEW AND IMPROVED


    (contributed by Carolyn Mader, products@sqlmag.com)

  • BACK UP AND RECOVER YOUR DATABASE

  • BMC Software announced an update to SQL-BackTrack for Microsoft SQL Server, an enterprise solution for SQL Server backup and recovery. The software provides block-level incremental or differential backups, dump striping, and data-compression capabilities. When only one object is damaged, you don't need to recover your entire database; logical extraction lets you recover individual objects directly from physical backups. The Point-In-Time Recovery feature helps DBAs identify when the database became corrupted and lets you recover the database to just before the problem occurred. Enhancements include support for SQL Server 2000 and Windows 2000, clusters, named instances, and multiple instances. The updated version also features a new GUI. For pricing, contact BMC Software at 713-918-8800 or 800-841-2031.
    http://www.bmc.com

  • ENCRYPT SQL SCRIPTS

  • Ecatenate announced dbLockdown, a database tool that encrypts and restores stored procedures, triggers, and user-defined functions (UDFs) and views. The software safely encrypts your SQL scripts so that nobody can view or edit them. The software lets you view all SQL Server database objects across your enterprise and on your Internet servers. All database objects that you encrypt are automatically archived so that you can restore them again. You can also encrypt and restore individual database objects. dbLockdown uses SQL Server's native encryption, so the software doesn't compromise database script functionality. The tool tracks database versions to prevent the loss of incremental script changes. For pricing, contact Ecatenate at info@ecatenate.com.
    http://www.ecatenate.com

    7. CONTACT US


    Here's how to reach us with your comments and questions:

    • ABOUT THE COMMENTARY — brianm@sqlmag.com
    • ABOUT THE NEWSLETTER IN GENERAL — kathy@sqlmag.com

    (please mention the newsletter name in the subject line)

    • TECHNICAL QUESTIONS — http://www.sqlmag.com/forums
    • PRODUCT NEWS — products@sqlmag.com
    • QUESTIONS ABOUT YOUR SQL SERVER MAGAZINE UPDATE SUBSCRIPTION?
      Customer Support — sqlupdate@sqlmag.com
    • WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
      More than 102,000 people read SQL Server Magazine UPDATE every week. Shouldn't they read your marketing message, too? To advertise in SQL Server Magazine UPDATE, contact Beatrice Stonebanks at bstonebanks@sqlmag.com or 800-719-8718.

    SQL Server Magazine UPDATE is brought to you by SQL Server Magazine, the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
    http://www.sqlmag.com/sub.cfm?code=ssei211x1y

    The SQL Server Magazine Connections conference—loaded with best-practices information from magazine authors and Microsoft product architects—is designed to provide you with the latest SQL Server tools, tips, and real-life examples you need to do your job.
    http://lists.sqlmag.com/cgi-bin3/flo?y=ePF50FgQMn0BRZ0ggP0At

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Thank you for reading SQL Server Magazine UPDATE.