Now that SQL Server 2005 has been released, I'm becoming more "at one" with the tools. I've commented on a couple of cool features as things evolved, but having worked with the product since it's early beginnings I've also learned a lot of DDL. And learned early on that, "just because you can't do it with the graphic-user interface doesn't mean it can't be done". I'm pleasently surprised of the evolution of SQL Server Management Studio. It can do almost everything...but CREATE a QUEUE or SERVICE from Object Explorer (A minor inconvenience). The cool things far overshadow the few limitations.

However...today I came across two add-ins for SSMS that I can't do without. Already. First one solves the hassle of not being able to rearrange the folder entries in SSMS Projects in alphabetic order. I always thought this would appear in the "next CTP, right around the corner. It didn't. And Jasper Smith published this nice "external tool" that I now can't do without. Thanks Jasper.

I've always loved intellisense. Not that I can't memorize tons of API interfaces and methods if I have to/use them all the time. The OLE DB interfaces and methods come to mind. But I always used Visual Studio, even in the early .NET pre-alpha days (when EMACS for Windows made a comeback) because of the intellisense. One of the interesting side-effects with intellisense is most often, if it doesn't show up in intellisense, you're pretty sure you've mistyped the class/interface name.

Second SSMS add-in I can't do without is called PromptSQL. Very (sorry VERY, VERY (2 capital “very“s)) cool add in. I use it mostly in SSMS, but it also supports Query Analyzer and Visual Studio database projects. It has one superb feature I wish they'd have in VS intellisense. The "aggresion level" of intellisense, ie, how long it wait before popping up the intellisense is configurable. Although its mostly the "aggresion level" of automatic statement completion in VS that's a pain, especially in VS 2005 it's way too aggressive.

Anyway I've a convert to the tools. And certain add-ins. I've probably created my last trivial DDL without Template Explorer. And puzzled over table names without intellisense for the last time. Back to work...it's only just after midnight. What IS ASP.NET Cache Sync doing with Service Broker anyhow?...story for another day.

After reading my last blog entry, Wally McClure points out that I did indeed meet him once. In July 2001, on Redmond campus. Amazing. And of course, now I *do* remember it, it was a .NET (1.0) authors summit. I think. He looked just like his picture. Sorry...more technical content coming soon.

The podcast I did with Wally McClure is up on his website. Here's the link to it. I did this podcast about a month ago, so some of the musings might be old news, but Wally wanted to time the podcast's release with the release of SQL Server 2005 and Visual Studio 2005. So it's available today. He's posted a really nice tag line with it...Wally, you're too kind.

Although I've still never met him in person, Wally and I go way back (to my OLE DB days) via email. He claims I'm even referenced in his new book, though I haven't got my copy (hint,hint) yet. Some day I may actually get to meet him.

In his blog posting, he mentions that my SQL Server 2005 beta book is no longer on sale. Not true, its still around...although Dan and I are rechecking every fact/code example for the new one as I write this. It will be called "A SQL Server 2005 Developer's Guide", and will be released early next year.

Although most folks really liked the "First Look" book, I did get some complaints about it being based on a beta version (beta 2, actually) of products, rather than waiting for the "golden bits". I find it interesting that there are lots of books appearing daily on SQL Server 2005/VS 2005/.NET 2.0 right now. With the lead time that most publishers have, these must ALL be based, to some extent, on pre-release versions of the software. Albeit quite a bit newer pre-release versions than beta 2.

A lot has happened since beta 2. The latest development is that some of the concepts of ObjectSpaces and X# (aka C-Omega) have morphed (with LOTS of further development) into LINQ/DLINQ/XLINQ. I'm intrigued.

So our new book will be based on the "golden bits". And it will be right up to date...up until SQL Server 2005 SP1 appears. So writing any book on software, beta or not, is aiming at a moving target to some extent. Although the beta book had lots of code, it was really meant to be a "concept" book. The base concepts haven't changed at that much, although the implementation has evolved.

The new book will have LOTS of new material. And revised material. That's because the folks that work on SQL Server, .NET, and Visual Studio have been working REALLY hard since the beta to bring you the best product. And they're still working hard right now..on V-Next. And SP1.

And I'm only the fiftieth person to blog about it. That's SQL Server 2005 and Visual Studio 2005/.NET 2.0, of course. I considered not blogging and saving network bandwidth 'cause everybody already knows, but...naaaahh.

CONGRATULATIONS folks! Must be quite a party going on in Redmond. The MOST exciting set of products to come out in quite some time. One man's humble opinion, as always.

Mary always accuses me of “living entirely in the future”...hmmm...what to do now that the future is here. You've already seen my wish list for V-next. Maybe I do live in future, she's right. As always.

The last five blog entries were a lot of "off-the-top-of-my-head" list writing. Mostly remembering what people had said or the "I wish there were" comments. Just so no one misunderstands the tone....

The SQL Server 2005 version of SQL Server has more new features by order of magnitude (at least from a developer perspective, though I think a rewritten SSIS and the UDM concept qualify too) than any other delta of SQL Server. It took a herculean effort by a large number of people. We know who you are. THANKS.

There had to be some things postponed, especially with radical features, to see how relatively popular the feature would be. As an example, I've yet to see the "killer user-defined aggregate" that we couldn't ever have lived without. If you have one, let me know. I AM NOT complaining that the product doesn't have every one of these features now (in most cases), just enumerating some constructive suggestions for futures. That were solicited.

I've also been told that I don't like to throw away "abusable" features, features that are powerful but can cause problems if used incorrectly. Yep. User (programmer and DBA) education, is the solution to this. Why should users who know when to use a feature (and when not to) be penalized because some folks will potentially abuse a feature?

For the long list of things that I liked about SQL Server 2005 see the early blog entry here. I actually wrote a book (something I said I'd never do again), am working on an update to the book, and changed the company I worked for, to spend more time with this product and people who are associated with it. That's my testimonial.

Use the lists for what you will. Cheers.

OK, SQLCLR wish list comes last. Mostly because I'm tired of being accused of being a SQLCLR bigot; I think it was because our book covered those topics first. Oh well.

Default parameter values in SQLCLR procedures when called by T-SQL. You obviously can't/shouldn't support these when called from-CLR-to-CLR. Right now, they work, but the metadata doesn't recognize them. Nor does the SMO scripter.

Better exception/error handling in SQLCLR when called by T-SQL. See this blog for my 6522-saga of entries.

.NET 2.0 nullable type support for parameters. People always ask.

Overloaded methods support. As an alternative, let me define each overload with different T-SQL names. Or just define one of them.

Better integration with System.Transactions for transaction nesting.

Bring back SqlExecutionContext and SqlDefinition.

UDTs and UDAggs of greater than 8000 characters. This is a big one.

Support of IComparible (maybe in UNSAFE mode, I know why its off currently), operator overloads, inheritence, and multiple sort orders for UDTs.

More framework BCLs that comply with the "SAFE spec".

UDAggs with more than one parameter, and that support .NET generics. The more than one parameter is more important of the two.

Either support UDAggs' IsInvariantToOrder=false or remove the property from the attribute.

SSMS should display a NULL UDT value like SQLCMD does.

That's all the wishes for now. Likely some that I left out. Cheers.

Transact-SQL has been around for a lot longer, the list will be a bit smaller. But the T-SQL enhancements in 2005 were numerous but, of course, left some folks wanting more. As always.

More error handling improvements - TRY-CATCH is VERY nice. For next time, how about FINALLY and RETHROW? The ability to rethrow system errors, rather than having to convert them to user-defined errors would be nice too. The error levels and semantics could be made more consistent too, as Erland Sommarskog's dissertation on the subject points out. A personal request would be to implement some of the ANSI SQL error handling constructs, or subtly change the syntax to come closer. But no one doesn't like TRY-CATCH over @@ERROR, that I'm aware of.

An option for catalog time object resolution for procedural code. It would make sysdepends more dependable too.

Subselect support for the IN clause of PIVOT.

BEFORE TRIGGERs. I didn't ever use them much when I worked in [database that had them] but it would at least help conversion.

UPSERT (insert or update in a single statement).

When using the new OUTPUT clause, a way to get row values before or after triggers fire. You only get "before" now.

ANSI DOMAIN support.

Support for SQL/MED syntax (well, it IS a wish list, right?)

Explicit windowing functions. The new Windowing has inline only.

Support for "caching part of a rowset in memory". I'm unsure what the formal name for this is, all I keep hearing is that database [some popular database] has it.

Less restrictions on what can SQL be in INDEXED VIEWs. There is a set of restrictions that are similar for INDEXED VIEWs, Query Notifications (obvious why) and Recursive CTEs. Probably an engine optimization. The one that folks seems to ask for most is UNION support in these.

Ability to debug T-SQL procedural code in SSMS.

Using FOR XML with hierarhical CTEs. Didn't know where to put this, here or part 1.

SQLCLR is next, while I'm on a roll.

This one is about SQL Server Service Broker. It's not necessarily a cool or sexy feature, but may be the most revolutionary feature in there. The problem with Service Broker is that most people don't get it. They think YAQS (yet another queuing system). It's more than that. It's already used for 3 features inside the server (query notifications, event notifications, and mailer), there could easily be more. A SQL Agent replacement comes to mind. But I digress, this is supposed to be a wish list. If you still don't get it, think harder. Or come talk to me. Or listen. Here's wishes.

SSMS support. Currently only does display functionality. A "route, security, and message testing" piece and configuration would be nice too.

Monolog support. So I won't have to keep explaining why it's "BEGIN DIALOG" but "END CONVERSATION".

Broker support on SQL Server Mobile. For obvious reasons. It could be a discreet subset.

Object model that works for internal activation, external activation, and clients. There's a nice one in engine samples; it should be officially supported. It would be cool if it was design type similar to JMS. Plus extensions.

Supported auto-deployment. For each side of a service. Again, its been done, but not officially supported.

Same (official support) for external activator.

WCF channel. For transactional messages, broker doesn't use DTC. Makes it faster. Faster still when messaging combined with database operations.

HTTP channel. Although that can be built by third parties too.

WCF and WWF assemblies should be able to be marked as "SQL Server safe". Or they'll have to run in the external activator.

Hmmm...many/most of these contained the word "support" somewhere.

More wishes to come.

OK, because it was Michael that asked originally, XML/XQuery wishes for SQL Server 200x. In no particular order.

Full compliance with "standard" W3C XQuery. If the standards committee finishes before SQL Server 200x ships. Else it will become a "standard" no one follows. Hmm...like SQL. Reason for this is twofold.
1. Folks who get a "generic" XQuery book at the store are now totally confused. Many give up after the third or fourth "not supported" message.
2. RCG (recent college grads) who may learn "generic" XQuery in college. There's a reason why C# looks somewhat like another popular programming language. Because it makes it easier to switch environments. And code.

XQuery editor. That does schema or schemaless. Strong typing. Files or the SQL table row of your choice. They had a good start in the beta, but had to finish VS XML tools.

Client side XQuery. How can I write code that might run on server or client, when it can't run on the client? XLINQ is nice, but it's not a substitute. Should be compatible with server, modulo input and ouput.

Output in encodings other than UTF-16. A CONVERT with extra parm, like DATETIME has.

Full support for XSD schema productions. Yes, I know that its techinically outrageous. But its another source of confusion/frustration. Get an industry standard schema (even Office 2003 schemas). Can't store it without changing "lax" to "skip". But then its not the same schema if I change it.

Standard grammer for composition and decomposition. Now, I'm a big fan of SELECT...FOR XML. It's easier and more powerful than the alternative. But let's talk conversions again. Just layer on XmlElement(), XmlAttribute, etc. Kind of like CAST vs CONVERT in TSQL, they implement both.

A XML.validate method.

A more powerful modify method. But again, this could wait (but not long) for the W3C. Most people don't know that modify IS based on a standard proposal. But XDR and XML Patterns were proposals too. So maybe implement "update" (in addition to insert, replace value of, and delete) for next time. Bet SQL Server is finished before W3C. Multiple node inserts/updates/replace value ofs.

XQuery collection() semantics over rows in a table. That could be considered a collection.

XQuery 1.0 and XPath 2.0 data model (or ANSI SQL 200x data model) support. They're relatively close now.

FOR XML works with UDTs.

Ability to specify DOCUMENT on well-formed data. Like it works on schema-valid. This is a nit, I can do my own constraint. Arguably.

Finally, Node-level locking or Node-level versioning. Yes, I know. Technically outrageous. But it IS a WISH list after all.

It's just a few weeks until the launch of SQL Server 2005. I'm been hiding under a rock since returning from Hong Kong. TechEd there was a great time, biggest attendence they've ever had. Security and SQL Server 2005 were the hot topics. Yes, even after PDC in September.

It's been over three years since I got my first look at SQL Server 2005, in September 2002. I knew then it was a major undertaking; kudos to everyone who worked on it so hard for so long. I've been teaching developer topics (its hard to make a hard distinction, for example, is snapshot isolation a developer or administrator topics?) for over 2 years, since the first class of 45-or-so Microsoft folks up in Redmond. Everyone I've presented features too has been really excited. Or pretended to be excited because I was.

They're already talking about the next version and Micheal Rys (of XQuery and XML data type fame) was asking what folks would like in the next version. Thought I'd take a shot at it, at least from the developer perspective. No better time...so here goes. I'll do multiple blog entires, starting with infrastructure. It's a big WISH list, I don't expect all of them. Or even most of them. Mostly, they are customer wishes, but some are mine too.

In this arena, we could use Row-level security. It was in beta 1 for a while, and folks always asked about it. Certain business sectors require it.

Next, true ANSI DATE and TIME data types. We had them too, for a while, but they were written using SQLCLR. Some folks didn't appreciate that, they were cut. They're needed to provide a conversion path from databases that use them. Like [main competitors names go here]. Frankly it didn't bother me as much as most *how* they were implemented just that we had them. I'm still looking for the promised source code so we could compile 'em and use 'em ourselves. Whatever happened to that? You could implement them yourself using SQLCLR, but a supported version would be better.

A hint/set of options so you could keep the default READ COMMITTED locking behavior, but use READ COMMITTED versioning (aka statement level snapshot) through a hint. Oh, and while we're at it, a separate “rollback database“ instead of using TEMPDB for old versions when using versioning.

Finally, some folks asked about DML event notifications (using Broker), FILESTREAM data type, higher capacity MAX data types, and there's a set of people who always ask about bitmapped indexes. You know who you are...

XML/XQuery wishes are next.

A couple of hours after checking into my hotel on the Hong Kong waterfront, fireworks started going off outside...the real kind. Turns out I'd arrived on China National Day and the streets outside were closed because crowds had gathered to watch the fireworks display at the harbour. 56th anniversary of the People's Republic of China. I hussled myself outside to watch. Quite an amazing show.

Luckily for me I'd arrived before the streets were shut down. But after having been here earlier this year, I could have got here, open streets or not, on the excellent subway that gets to within a quarter mile or so of the hotel. It's always easier to find your way around the second time.

Tomorrow starts the pre-con for TechEd Hong Kong, which promises to be quite an event. If you haven't registered yet, you might consider it. See previous post about me, pre-cons, and too much material. Be prepared. I have some breakout sessions too, that ought to bring the pre-con material overflow down.

There's even quite a bit of new material since I was in Hong Kong last. Some folks see this as a "churn problem" with the feature list of SQL Server 2005. Ha. I see it as indicative of the immense number of features and countless hours of development. Kimberly has two slides that come to mind; SQL Server 2000 new features (a very dense slide with feature bullet points about 80-100 features) and SQL Server 2005 new features, where she has to bring the font size down about 6 points to fit them all in, almost 2-3 times as many features.

See you there.

Made a quick exit from SQLPass in Dallas, hopped on a plane, and 4 planes later (plus a stop at home to get things together) I'm in Hong Kong.

I enjoyed SQLPass immensely and by the sounds of it, so did the folks that were in my two-day long pre-con on SQL Server 2005 for developers. We filled up the room they allocated and, by the end of the day, folks were sitting on tables in the back. We did away with the traditional "lecture to a large crowd" format and I accepted questions at any time, "did requests" for demos, and generally made a free-for-all out of it.

As usual when trying to cram 5-6 days worth of material in 2 days, we went overtime; in fact the second day they had to physically extract us from the room at the end of the day. There were shouts of "just keep going" but there was a meeting afterwards in the room. They kicked us out.

People looking for the "extended demos" on the SQLskills website (where I said they'd be) may have to wait a few days while I co-ordinate things, but they ARE available on the SQLPass site now. As are the XQuery tutorial demos.

The XQuery tutorial spotlight talk was pretty well attended. The explanation was that there were way more DBAs at the conference than devs, but...surprise the language tutorial was *supposed* to be for DBAs too. If you think you'll get away without using XQuery, DBAs, have a look at the output from DDL triggers and event notifications.

BTW, I did defer one question and never got back to the questioner, so here goes...regardless of whether you use the "old or new" BULK INSERT syntax (ie the statement or the BULK provider) you need "ADMINISTER BULK OPERATIONS" and INSERT on the table in question, and some of the options may require ALTER TABLE on the table in question.

Thanks to the SQLPass conference folks and the attendees for a good time.

I'm here at SQLPass conference in Texas, the preconference doesn't look like it will be "rained out" as my was last year. I came in yesterday in the early evening. There was a little wind on the flight in but nothing major; the plane even arrived on schedule. I look forward to seeing everyone there. If you won't be at the preconference, I'll be doing a book signing on Wednesday at noon and an XQuery tutorial talk on Thursday morning, stop by and say hi.

Although the weather is pretty good in Dallas (or at least out by the airport) watching the weather channel makes it obvious that everyone wasn't as lucky WRT the storm. My best wishes go out to all the folks affected by the storm(s).

When I'd talk at Ascend about how Visual Studio auto-deploy of SQLCLR assemblies not only catalogs the assemblies and the PDB files to SQL Server 2005 but also the source files, folks would always ask "why the source files"? Today I found out; I'm surprised it escaped me for so long.

In Visual Studio Server Explorer, if you've deployed the source files and PDB, you can right-click on any T-SQL or SQLCLR stored procedure, UDF, etc and and debug it, source code and all, whether or not you have the actual project files in-hand. It will just get them from inside SQL Server. Pretty neat...so that's what its there for.

There is a pretty hefty (but *completely* understandable and necessary) price to pay for admission to this feature, however. You must be sysadmin in SQL Server (CONTROL SERVER) to do this. Understandable because you're going to:
a. stop all managed threads on the server
b. be able to snoop around

So...that's why. And how.

After writing about a lot of new security features that were added since we published our "First Look at SQL Server 2005 book" its nice to report on one that we had in there (at beta2), but never appeared in the product. Until now.

In the September CTP version on SQL Server 2005 (I think its probably the last CTP), you need special permissions to CREATE an ASSEMBLY with UNSAFE permission set. You must have either one of the following:

1. DBO has UNSAFE ASSEMBLY permission and database has TRUSTWORTHY property on.
or
2. ASSEMBLY is signed with an asymmetric key or cert that has a LOGIN with UNSAFE ASSEMBLY permission.

We'd written about the second choice. Here's one of the combinations that works:

1. Create a strong named key in c:\temp\assm.snk
2. Sign the assembly unsafe1.dll with this strong named key
3. Make a SQL Server LOGIN for the key.
4. Give LOGIN the appropriate permissions
5. Catalog the unsafe assembly

In code, it looks like this:

-- master key in master database
USE master
go

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'StrongPassword1'
go

-- keyfile generated by VS or .NET command line utilities
CREATE ASYMMETRIC KEY assm FROM FILE='c:\temp\assm.snk'
go

CREATE LOGIN snk FROM ASYMMETRIC KEY assm
go

GRANT UNSAFE ASSEMBLY TO snk
GO

USE somedb
GO

CREATE ASSEMBLY unsafeassemblyex FROM 'c:\temp\unsafe1.dll'
  WITH permission_set = unsafe
GO

That's only one variation of it. You can also use the key stored in the assembly (CREATE ASYMMETRIC KEY FROM EXECUTABLE FILE=...) or an assembly already cataloged inside the database (CREATE ASYMMETRIC KEY FROM ASSEMBLY...). You can do the same thing with certificates.

So one of the SQLCLR security features we wrote about over a year ago has come to pass.

This one's been around for a while, but don't think we'd mentioned it in the book. In addition to Windows logins and SQL logins, you can have SQL logins mapped to a certificate or to an asymmetric key. Same with database users. One of the reasons you might want to do this is to implement Service Broker transport security. That is, create a certificate in master, then create a login mapped to the cert. Now use the cert in the CREATE ENDPOINT ... FOR SERVICE_BROKER.

To allow your business partners to authenticate with your endpoint (in their implementation of transport security) you BACKUP the cert to a file (the default is to BACKUP public key portion only) and then send the cert to your business partner. They install it in master to use to authenticate your endpoint.

There a variation of CREATE USER foo FROM CERTIFICATE that's caused a lot of discussion on one of the newsgroups lately. That is "CREATE USER ... WITHOUT LOGIN". This is used with Service Broker too, but with full dialog security, rather than transport security. This USER has only the permissions it needs (usually only SEND on the SERVICE/ or RECEIVE on the QUEUE in question). So this is used for the following scenario:

1. Create a user without a login
2. Create a cert owned by the user
3. Backup the cert (public key only) to a file, send to business partner
4. They create a user without login
5. They install your cert from a file
6. They GRANT the user the appropriate access
7. Your BEGIN DIALOG uses full dialog security (ENCRYPTION = ON is the default).

Folks on newsgroups have said it (USER WITHOUT LOGIN) is undoc'd, but I remembered seeing this before. Then I remembered where. It's in Neils' remote Service Broker examples here.

You've probably heard by now of the usage of the EXECUTE AS clause with procedural code. As in "CREATE PROCEDURE foo WITH EXECUTE AS OWNER". But EXECUTE AS can also be used at a session level,like this:

EXECUTE AS USER='fred'
-- some T-SQL here
REVERT

This is meant to replace the SETUSER verb because you might want things executed as a specfic login as well as user. So there's also EXECUTE AS LOGIN='freds_login'. You can aribtrarily nest EXECUTE AS blocks and there's subject to the nice, granular, IMPERSONATE privilege. Originally, I'd heard there was going to be a "REVERT ALL", but there's security mischief that might happen with this, so it never happened.

BUT.
There are two variations of EXECUTE AS that are interesting, based on security considerations. First one is "EXECUTE AS USER='fred' WITH NO REVERT". Exactly what it sounds like.

Next one is EXECUTE AS WITH COOKIE. The idea is similar to what I described in sp_unsetapprole. You don't want just any ol' level of impersonation to do REVERT. So EXECUTE..WITH COOKIE gives you a cookie to use with REVERT.

As a blog reader as well as blog writer, I'm disturbed by a trend that seems to be more commonplace lately, the “continued here” trend. I'll bet you've seen it too. The blog entry is comprised of two sentences or so (or even worse, just a teaser line) followed by “continued here” (or “more at” or something).

This is irritating because I'm subscribing to lots of blogs, nowadays, really too many to read continuously. So I'll browse 'em, leave 'em in mail folders (using Newsgator) and attempt to actually read them on planes. Well, “continued here” doesn't work without a network connection. Bummer. Was this invented for folks with short attention spans or (hopefully) just to get around limited bandwidth issues?

On a more constructive note, does anyone know how to make Newsgator (or any other blog reader) follow the “continued here”s and download them? I'm tempted to simply unsubscribe to these folks' blogs. Or is there simply some way to turn “continued here” off on a subscription by subscription basis? I must be missing something.

One of the things folks would always ask during the Ascend program was "anything new for application roles? do they support connection pooling yet?". Well, it the most recent CTP (June, July?) there is.

You can unset application roles now in addition to setting them. To unset you need to create a cookie, using an alternate form of sp_setapprole. It looks like this:

sp_addapprole 'myapp', 'StrongPW1'
GO

DECLARE @theCookie varbinary(256)
EXEC sp_setapprole 'myapp', 'StrongPW1',
     @fCreateCookie = true, @cookie = @theCookie OUTPUT
-- Check user, should be myapp
SELECT USER_NAME()
-- now, unset it
EXEC sp_unsetapprole @theCookie
-- Check user should be original user
SELECT USER_NAME()
GO

So does it now support connection pooling with ADO.NET or OLE DB/ODBC? I'd think the capability exists, but because this is a recent feature addition and they'd have to store the cookie in the pooling code somewhere, to use with sp_reset_connection, I don't think its built in yet. But, if you remember to store the cookie and unset it yourself...

In July 2004, encryption built-ins and key management had just been introduced in SQL Server 2005. Now its old news. They'll be a good-sized section about it in the book revision. You're probably heard of:

EncryptBy (Key/Certificate/PassPhrase) and
DecryptBy (Key/Certificate/PassPhrase)

But there's also the less well-known:

SignByAsymKey/SignByCert
VerifySignedByAsymKey/VerifySignedByCert
HashBytes

and also the aptly-named: DecryptByKeyAutoCert and DecryptByKeyAutoAsymKey

The "auto" versions are for convenience. When you're doing encryption or decryption, you have to remember to open the keys that have been used to encrypt the data you want to read. And to close them when you're done. The "Auto" versions do this for you, when you're decrypting, so you can provide a decrypting VIEW, for example. I'll have more to say about this soon.

While working on the new edition of our book for after RTM, I've been looking around for security features that I missed or that didn't exist when we wrote it (May 2004 and before). Here's one:

In SQL Server 2005, you can DISABLE a LOGIN by using ALTER LOGIN. You can also change the name of any LOGIN (including 'sa'), making things more like Windows security. You would change the name of the sa account to give hackers one more item to guess. Here's how.

ALTER LOGIN sa WITH NAME = fred
go

-- fred (sa) on vacation
ALTER LOGIN fred DISABLE
go

-- When the sa returns from vacation
ALTER LOGIN fred ENABLE
go

That's the question that folks ask a lot lately. See you at PDC?

It's not that I wouldn't *like* to go. It's that there's another 3-letter acronym in my life that week, OSF. No, that's not the Open Software Foundation, it's the Oregon Shakespeare Festival. Mary and I will be making our twice-yearly trek to Ashland to see some plays. We'll be seeing Twelfth Night and Loves Labor's Lost among others. They do Shakespeare and more, there's lots of contemporary plays. And they're so popular that to get good seats we buy 'em a year in advance.

And Microsoft never checks with me before they schedule these things....oh well. Two years ago, I missed the very first Ascend teach for OSF and I remember Dan (who taught it) writing an XML data type demo and an ObjectSpaces lab, using XML version of Shakespeare's plays as test data, just to be topical.

I will still be at SQLPass summit in Texas at the end of September. And Tech*Ed Hong Kong the week after. Doing pre-conference talks about...what else...SQL Server 2005 new features. And other talks (about SQL Server and about ADO.NET 2.0) as well. If you're in either neighborhood drop by. You can let me know what I missed at PDC. SQLskills will be well represented though, Kimberly will be there.

I've heard this around quite a bit lately, but I attend some conferences and follow a lot of newsgroups. If you haven't heard:

Database Mail (was also called SQLimail I beleive) the new SMTP mail service in SQL Server 2005 uses Service Broker as the underlying infrastructure. One of the reasons why is: scalibility - "Database mail provides background or asynchronous delivery". Also listed are security, reliability, and supportability. Hmmm...

That brings the number of internal features implemented using Service Broker to three.
1. Event notifications
2. Query notifications
3. Database mail

One slide I saw (I forget where offhand) said "look for more in future".

Ahh...enough shameless self-promotion (for a while), let's talk transactions.

I worked in the past with folks who like to compose transactions. SQL Server supports nesting of transactions and named savepoints but not autonomous transactions. So

CREATE PROCEDURE X
AS
BEGIN TRAN
-- work here
COMMIT

calling it standalone means the work is in a transaction. Calling it from procedure Y:

CREATE PROCEDURE Y
AS
BEGIN TRAN
-- other work here
EXECUTE X
COMMIT

doesn't start an autonomous transaction, the BEGIN TRAN in X merely ups @@TRANCOUNT by 1. Interesting things happen when you roll back X while its being called by Y.

I'd like to emulate this behavior in SQLCLR, i.e. have a procedure that acts like X, and can be used standalone or composed. I can do something akin to T-SQL (and get the interesting rollback behavior with a slightly different error number) using the BeginTransaction method on the context SqlConnection. I'd heard awhile ago that System.Transactions used inside of SQLCLR would "always do the right thing". AND because of the way promotable transactions work, it would compose a context SqlConnection in the SAME local transaction. A la T-SQL or SqlConnection.BeginTransaction().

It doesn't do this. If I have a SQLCLR proc that looks like this (condensed version):

public static void X {
using (TransactionScope ts = new TransactionScope())
using (SqlConnection conn = new SqlConnection("Context connection=true"))
{
  conn.Open();
  ts.Complete();
}
}

If SQLCLR X is used standalone, all well and good, local transaction. If SQLCLR X is called from procedure Y (above) then SqlConnection.Open() starts a *distributed* transaction. Apparently it HAS to be this way, at least for now, because of how TransactionScope works.

If you WANT a distributed transaction composed with your outer transaction (your SqlConnection is calling to another instance for example), USE TransactionScope, if you DON'T want one, use SqlConnection.BeginTransaction. It won't act any different from T-SQL (except you do get a different error number) if you roll back inside an inner transaction. But you get a nesting *local* transaction with BeginTransaction.

BTW just is case you wondered if SQLCLR X proc could do this:

using (TransactionScope ts = new TransactionScope(TransactionScopeOption.RequiresNew))

and go for that elusive "autonomous transaction", don't do it. You'll get a message saying "no autonomous transaction. Because SQL Server doesn't support autonomous on a single connection. SQLCLR or not. There is the two connection case, but that's a story for another day.

This was as compressed a blog entry as I could make it, but was still quite long. Any questions?

About how they work together. The panel is being held as a webcast, and they'll be some slides too. This is all taking place on September 22, and they'll be two separate iterations. If you've even wondered what the point of using the exactly coordinated CTPs together was (and whined about it), come and attend this panel and find out why it was worth it. For a hint, bring up your SQL Server 2005 box and look in C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell. Nuff said.

Here's the official invite:

Unleashing SQL’s True Potential With Visual Studio

Come join us for this interactive web seminar featuring discussions with SQL expert and recognized author, Bob Beauchemin of SQLskills, Microsoft SQL Server and Visual Studio product experts and Microsoft Gold partner, Dexterra. The panel will address how, when and why developers should use Visual Studio in conjunction with SQL server and its Management Studio product. Specifically, we’ll examine Visual Studio’s user-friendly ability to write, deploy, and debug .NET and T-SQL procedures, how Microsoft stacks up in this space against competitors like IBM and Oracle, and look at some real world examples illustrating how and why customers are leveraging these powerful tools together.

We now return you to our regularly scheduled technical content....

I received email today that it was OK to talk about this. Our book “A First Look At SQL Server 2005 For Developers” was selected as “Best SQL Server Book” by the readers of SQL Server Magazine. You can read a short blurb about it here. And if you're a subscriber, you can read the whole article about the awards from their main page.

Congrats to Dan, Niels, and the folks at A/W who made this possible.

About a week or two ago, there was a LONG discussion on the SQLCLR beta newsgroup about the fact that the IsNull property that you use on CLR UDTs won't return TRUE or FALSE inside the server. It returns FALSE or NULL. Turns out that, although you use this property to *indicate* to the engine that your instance is NULL (database NULL, not null reference/value), the engine will optimize things by storing the fact that your instance is NULL. And so, a method called on a NULL instance yields NULL.

This was posted by the SQL CLR team here with a workaround if you *really* wanted this to work right, even inside the server. The workaround was to decorate your IsNull get method with:

[SqlMethod(OnNullCall=true)]

I tried this, it didn't work any better. But it WILL work if you use the correct field on the SqlMethod attribute. It's

[SqlMethod(InvokeIfReceiverIsNull=true)]

The difference is OnNullCall indicates whether a method will be called if any of its input parameters are NULL. This (OnNullCall=false) allows you to use non-SqlTypes as method parameters in your .NET code and not crash if someone passes in a NULL value. InvokeIfReceiverIsNull indicates whether the method will be called if the instance of the class itself is NULL. Obviously, not null class (you can't call a method on a null reference, for example), but database NULL.

This does work as advertised:

CREATE TABLE UDTTab (theUDT sometype);
go
INSERT UDTTab VALUES(NULL);
go
SELECT COUNT(*) FROM UDTTab where theUDT IS NULL
SELECT COUNT(*) FROM UDTTab where theUDT.IsNull = 1
go

both counts return 1.

I suppose its much easier "best practice" to remember is always use the SQL IS NULL in SQL statements. Because it's FASTER. They don't have to instanciate all those NULL UDT instances, just to confirm that IsNull is, indeed, true. And mark your “get” method for those who forget.