book

Programming Microsoft® SQL Server® 2012

Name: Programming Microsoft® SQL Server® 2012
Author: Leonard Lobel and Andrew Brust
ISBN: 9780735671706

by Leonard Lobel and Andrew Brust

July 2012

Intermediate to advanced

816 pages

27h 38m

English

Microsoft Press

Read now

Unlock full access

Programming Microsoft® SQL Server® 2012
Dedication
Introduction
How Significant Is the SQL Server 2012 Release?
Who Should Read This Book
Assumptions
Who Should Not Read This Book
Organization of This Book
Core SQL Server DevelopmentGoing Beyond RelationalApplied SQL
Conventions and Features in This Book
System Requirements
Installing SQL Server Data Tools

Using the Book’s Companion Website
Code SamplesSample AdventureWorks DatabasesPrevious Edition Chapters
Errata & Book Support
We Want to Hear from You
Stay in Touch
Acknowledgements
I. Core SQL Server Development
1. Introducing SQL Server Data Tools
Introducing SSDT
Database Tooling Designed for DevelopersDeclarative, Model-Based DevelopmentConnected DevelopmentDisconnected DevelopmentVersioning and SnapshotsTargeting Different Platforms
Working with SSDT
Connecting with SQL Server Object ExplorerGathering New RequirementsUsing the Table Designer (Connected)Working Offline with a SQL Server Database ProjectTaking a SnapshotUsing the Table Designer (Offline Database Project)Introducing LocalDBRefactoring the DatabaseTesting and DebuggingComparing SchemasPublishing to SQL AzureAdopting SSDT
Summary
2. T-SQL Enhancements
Table-Valued Parameters
More Than Just Another Temporary Table SolutionSubmitting OrdersUsing TVPs for Bulk Inserts and UpdatesPassing TVPs Using ADO.NETPassing Collections to TVPs Using Custom IteratorsTVP Limitations
Date and Time Data Types
Separation of Dates and TimesMore Portable Dates and TimesTime Zone AwarenessDate and Time Accuracy, Storage, and FormatDate and Time Functions
The MERGE Statement
Defining the Merge Source and TargetThe WHEN MATCHED ClauseThe WHEN NOT MATCHED BY TARGET ClauseUsing MERGE for Table ReplicationThe WHEN NOT MATCHED BY SOURCE ClauseMERGE OutputChoosing a Join MethodMERGE DML Behavior
The INSERT OVER DML Syntax
A Filterable Alternative to OUTPUT…INTOConsuming CHANGES
The GROUPING SETS Operator
Rolling Up by LevelRolling Up All Level CombinationsReturning Just the Top LevelMixing and MatchingHandling NULL Values
Windowing (OVER Clause) Enhancements
Running AggregationsSliding AggregationsUsing RANGE versus ROWS
New T-SQL Functions in SQL Server 2012
New Analytic FunctionsNew Conversion FunctionsNew Date and Time FunctionsNew Logical FunctionsNew String FunctionsChanged Mathematical Function
The THROW Statement
Re-Throwing ExceptionsComparing THROW and RAISERROR
Server-Side Paging
Using ROW_NUMBERUsing OFFSET/FETCH NEXT
The SEQUENCE Object
Sequence Limitations
Metadata Discovery
Summary
3. Exploring SQL CLR
Getting Started: Enabling CLR Integration
Visual Studio/SQL Server Integration
SQL Server Database Projects in Visual StudioAutomated DeploymentSQL CLR Code Attributes
Your First SQL CLR Stored Procedure
CLR Stored Procedures and Server-Side Data Access
Piping Data with SqlDataRecord and SqlMetaData
Deployment
Getting ReadyDeploying Your AssemblyDeploying Your Stored ProceduresTesting Your Stored Procedures
CLR Functions
CLR Triggers
CLR Aggregates
SQL CLR Types
Security
Examining and Managing CLR Types in a Database
Best Practices for SQL CLR Usage
Summary
4. Working with Transactions
What Is a Transaction?
Understanding the ACID Properties
Local Transaction Support in SQL Server
Autocommit Transaction ModeExplicit Transaction ModeNested TransactionsSavepointsImplicit Transaction ModeBatch-Scoped Transaction ModeMARS and TransactionsMARS and Savepoints
Isolation Levels
Read Uncommitted Isolation LevelRead Committed Isolation LevelRepeatable Read Isolation LevelSerializable Isolation LevelSnapshot Isolation LevelRead Committed Snapshot Isolation LevelIsolation Levels in ADO.NETSetting the Isolation Level for Explicit ADO.NET TransactionsSetting the Isolation Level for Implicit ADO.NET Transactions
Distributed Transactions
Distributed Transaction TerminologyResource ManagerTransaction Manager or Transaction CoordinatorTwo-Phase CommitRules and Methods of EnlistmentVolatile EnlistmentDurable EnlistmentPromotable Single-Phase EnlistmentDistributed Transactions in SQL ServerDistributed Transactions in the .NET FrameworkWriting Your Own Resource ManagerUsing a Resource Manager in a Successful TransactionUsing the Resource Manager When the Caller Issues a RollbackUsing the Resource Manager When It Issues a RollbackUsing the Resource Manager with Another Resource Manager
Transactions in SQL CLR (CLR Integration)
Putting It All Together
Summary
5. SQL Server Security
Four Themes of the Security Framework
Secure by DesignSecure by DefaultSecure by DeploymentSecure Communications
SQL Server Security Overview
SQL Server LoginsDatabase UsersThe guest User Account
Authentication and Authorization
How Clients Establish a ConnectionPassword PoliciesUser-Schema SeparationExecution Context
Encryption Support
Encrypting Data on the MoveEncrypting Data at RestTransparent Data EncryptionCreating Keys and Certificates for TDEEnabling TDEBacking Up the CertificateRestoring an Encrypted Database
SQL Server Audit
Creating an Audit ObjectAuditing OptionsQUEUE_DELAYON_FAILUREAUDIT_GUIDSTATERecording Audits to the File SystemFILEPATHMAXSIZEMAX_ROLLOVER_FILESMAX_FILESRESERVE_DISK_SPACERecording Audits to the Windows Event LogAuditing Server EventsAuditing Database EventsViewing Audited EventsQuerying Audit Catalog Views
Partially Contained Databases
Creating a Partially Contained DatabaseCreating a Contained UserOther Partially Contained Database FeaturesUncontained Entities ViewCollations and tempdb
How Hackers Attack SQL Server
Direct Connection to the InternetWeak System Administrator Account PasswordsSQL Server Browser ServiceSQL InjectionIntelligent Observation
Summary
II. Going Beyond Relational
6. XML and the Relational Database
Character Data as XML
The xml Data Type
Working with the xml Data Type as a VariableWorking with XML in TablesXML Schema Definitions (XSDs)SQL Server Schema CollectionsLax ValidationUnion and List TypesXML Indexes
FOR XML Commands
FOR XML RAWFOR XML AUTOFOR XML EXPLICIT
Additional FOR XML Features
The TYPE OptionFOR XML PATHEmitting a ROOT ElementProducing an Inline XSD SchemaProducing Element-Based XML
Shredding XML Using OPENXML
Querying XML Data Using XQuery
Understanding XQuery Expressions and XPathXPath ExpressionsFLWOR ExpressionsSQL Server XQuery in Actionxml.existxml.valuexml.queryXML DMLxml.modify(insert)xml.modify(delete)xml.modify(replace)
Summary
7. Hierarchical Data and the Relational Database
The hierarchyid Data Type
Creating a Hierarchical Table
The GetLevel Method
Populating the Hierarchy
The GetRoot MethodThe GetDescendant MethodThe ToString MethodThe GetAncestor Method
Hierarchical Table Indexing Strategies
Depth-First IndexingBreadth-First Indexing
Querying Hierarchical Tables
The IsDescendantOf Method
Reordering Nodes within the Hierarchy
The GetReparentedValue MethodTransplanting Subtrees
More hierarchyid Methods
Summary
8. Native File Streaming
Traditional BLOB Strategies
BLOBs in the DatabaseBLOBs in the File System
Introducing FILESTREAM
Enabling FILESTREAM
Enabling FILESTREAM for the MachineEnabling FILESTREAM for the Server Instance
Creating a FILESTREAM-Enabled Database
Creating a Table with FILESTREAM Columns
Storing and Retrieving FILESTREAM Data
Deleting FILESTREAM Data
Direct Streaming in .NET with SqlFileStream
Understanding SqlFileStreamBuilding the Windows Forms ClientProgramming SqlFileStream Data AccessCreating a Streaming HTTP ServiceBuilding a WPF Client
FILESTREAM Limitations and Considerations
Introducing FileTable
Creating a FileTableManipulating a FileTable
Searching Documents
Summary
9. Geospatial Support
SQL Server Spaces Out
Spatial Models
Planar (Flat-Earth) ModelGeodetic (Ellipsoidal Sphere) Model
Spatial Data Standards
Importing Well-Known Text (WKT)The STGeomFromText and STxxxFromText MethodsImporting WKBThe STGeomFromWKB and STxxxFromWKB MethodsImporting Geography Markup Language (GML)The GeomFromGml Method
Spatial Data Types
Working with geometryThe STBuffer MethodThe STCentroid and STEnvelope MethodsThe STIntersects and STIntersection MethodsThe STDimension MethodThe STUnion, STDifference, and STSymDifference MethodsWorking with geographyOn Your Mark …The STArea and STLength MethodsSpatial Reference IDsBuilding Out the EventLibrary DatabaseCreating the Event Media Client ApplicationThe STDistance Method
Spatial Enhancements in SQL Server 2012
New Spatial Data ClassesCircular StringsCompound CurvesCurve PolygonsNew Spatial MethodsThe STNumCurves and STCurveN MethodsThe BufferWithCurves MethodThe ShortestLineTo MethodThe MinDbCompatibilityLevel MethodThe STCurveToLine and CurveToLineWithTolerance MethodsThe STIsValid, IsValidDetailed, and MakeValid MethodsOther EnhancementsSupport for geography Instances Exceeding a Logical HemisphereFull Globe SupportNew “Unit Sphere” Spatial Reference IDBetter Precision
Integrating with Microsoft Bing Maps
Summary
III. Applied SQL
10. The Microsoft Data Access Juggernaut
.NET Data Access Evolution
Preparing the Sample Database
Monitoring Database Activity with SQL Server Profiler
Conventional ADO.NET
Using the Raw Data Access ObjectsCreating Connections and CommandsUsing ParametersCalling Stored ProceduresIterating Data ReadersReturning Scalar ValuesBatching Updates with TransactionsWorking with DataSetsGeneric Versus Strongly Typed DataSetsFilling and Updating a Generic DataSetBuilding Strongly Typed DataSetsMapping Stored Procedures to the Typed DataSet
Language-Integrated Query (LINQ)
LINQ to DataSetQuerying a Generic DataSetQuerying a Strongly Typed DataSet
Object Relational Modeling (ORM) Comes to .NET
Multiple ORM Offerings from RedmondLINQ to SQL: Then and NowEntity Framework: Now and in the FutureBuilding an Entity Data Model (EDM)Using LINQ to EntitiesMapping Stored Procedures to the EDMSaving Entity ChangesObject Context Lazy Loading and Change TrackingThe EF n-Tier ChallengeResolving Impedance MismatchWorking with Many-to-Many RelationshipsExploring the Entity SQL AlternativeWorking with EntityClient
Summary
11. WCF Data Access Technologies
Defining Services
WCF Data Access Options
WCF Data Services
Building a WCF Data ServiceCreating the Entity Data ModelTesting WCF Data Services with Internet ExplorerBuilding Client Applications for WCF Data ServicesBuilding a Test ClientBuilding a Data Entry ClientExtending WCF Data ServicesCreating Custom Service OperationsOverriding Service MethodsWriting Interceptors
WCF RIA Services
Establishing a WCF RIA Services LinkCreating the Entity Data ModelBuilding the Domain Service and Metadata ClassesThe Metadata ClassesThe Domain Service ClassBuilding the Silverlight ClientInspecting the .NET Framing Protocol with FiddlerTesting the Complete WCF RIA Services Solution
Making the Right WCF Data Access Choice
Summary
12. Moving to the Cloud with SQL Azure
History
But What Is SQL Azure?
Why the Limitations?PricingThe First One’s Free
Getting Set Up
Beyond the PrerequisitesProvisioning Your ServerConfiguring the Administrative User and FirewallProvisioning Your Database
Managing Your Database
Creating Tables and Entering DataQuerying in the BrowserIndex DesignManagement and VisualizationsConnecting from Down Below
Migrating and Syncing Between Earth and Cloud
DACPACs to the RescueExtract, Deploy, Export, and Import DAC filesSQL Server Management StudioSQL Server Data ToolsWindows Azure Management PortalSQL Azure Management PortalScenariosNew Deployment to SQL AzureFrom SSDTFrom SSMSFrom the SQL Azure Management PortalDeploy Update to SQL AzureMigration from SQL Server to SQL AzureSSDTSSMSMigration from SQL Azure to SQL Server
SQL Azure Federations
A SQL Azure Federations LexiconCreating a FederationFederated TablesUsing a Federation MemberSplitting and Dropping Federation MembersCentral Tables and Reference TablesFan-Out Queries and Multi-TenancyFederations Support in SSMS and SSDTFederations Make Sense in the Cloud
SQL Azure Reporting
ProvisioningReport AuthoringDeploying ReportsGetting Your Bearings
Summary
13. SQL Azure Data Sync and Windows Phone 7 Development
Characteristics of an Occasionally Connected System
Data Management
Getting to Know SQL Azure Data Sync
Capabilities and FeaturesData Sync TerminologySync GroupsSynchronizationConflict ResolutionThe Client Sync AgentSQL Azure Data Sync ConsiderationsData Sync SecurityPerformance and Costs
Creating an Occasionally Connected System
The FlixPoll ApplicationThe FlixPoll ApplicationCreating the FlixPoll Databases
Prerequisites
Configuring SQL Azure Data Sync
Provisioning the SQL Azure Data Sync ServerCreating the Sync GroupStep 1: Name the Sync GroupStep 2: Add the On-Premise DatabaseStep 3: Select the SQL Azure Hub DatabaseStep 4: Configuring Sync Schedule and Conflict ResolutionStep 5: Define the DatasetStep 6: Deploying the Sync Group
Hosting WCF Data Services in Windows Azure
About Windows AzureCreating the FlixPoll SolutionAdding the FlixPoll Data ServiceAdding the Entity Data ModelCreating the FlixPoll ClientCreating the ViewUnderstanding the Model-View-ViewModel (MVVM) PatternModifying the App Class
Consuming OData on Windows Phone
SQL Server on the PhoneLINQ to SQL Strikes BackSecuring Local DataCreate the SQL CE DatabaseIssuing LINQ to SQL Queries Against SQL CERunning Against a Local WCF Data ServiceDeploying to Windows Azure
Summary
14. Pervasive Insight
The Microsoft BI Stack: What’s It All About?
Master Data Services
Data Quality Services
Integration Services
SQL Server RDBMS, Fast Track DW, and SQL Server PDW
Data Marts and Data WarehousesThe Star SchemaSQL Server Data Warehouse Appliances
Analysis Services
The Multidimensional EnginePowerPivot and SSAS Tabular ModeData Mining
Power View
Reporting Services
Report PartsAlertingDashboard Components
Excel and Excel Services
Using Excel Services
PerformancePoint Services
StreamInsight
SQL Server Editions and SharePoint Version Requirements
Summary
15. xVelocity In-Memory Technologies
Column Store Databases
Column Store Tech in the BI Industry
xVelocity in the RDBMS: Columnstore Indexes
Building a Columnstore IndexWhat You Can’t DoHow Columnstore Indexes Work
xVelocity for Analysis: PowerPivot and SSAS Tabular Models
Clearing Up the Analysis Services VocabularyThe Lowdown on BISMFriends, Countrymen, Bring Me Your DataBuilding the BISMDial M for ModelingCalculated ColumnsAnalysis in Excel, Using Data from ExcelIt’s All about RelationshipsModeling, Part DeuxCreating MeasuresBuilding KPIsHierarchies Come to BISMFinishing TouchesExploring Advanced ModeQuerying in ExcelPowerPivot for SharePointMoving to SSAS TabularRole-Based SecurityPartitionsMoving to DirectQuerySSAS DeploymentMaking the ConnectionPower View Here We ComeBuilding the Report
Welcome Back to VertiPaq
Summary
A. About the Authors
Index
About the Authors
Copyright

Content preview from Programming Microsoft® SQL Server® 2012

Chapter 5. SQL Server Security

Leonard Lobel

Security requirements are often dealt with far too late in the development process. This approach can have severe ramifications on your application’s design and integrity. Without a clear, up-front understanding of what your security concerns are, and how Microsoft SQL Server security features can be leveraged to address those concerns, you risk wasting significant resources redesigning your architecture (or worse, exposing serious vulnerability to the system).

This chapter explains how SQL Server security works, beginning with the basic concepts of logins, users, roles, and schemas. We then explore advanced SQL Server security features, including the various ways you can implement encryption and auditing. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Beginning Microsoft® SQL Server® 2012 Programming

Publisher Resources

ISBN: 9780735671706Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Programming Microsoft® SQL Server® 2012

by Leonard Lobel and Andrew Brust

Chapter 5. SQL Server Security

Leonard Lobel

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Beginning Microsoft® SQL Server® 2012 Programming

Microsoft® SQL Server™ 2000 Programming by Example

Inside Microsoft® SQL Server® 2008: T-SQL Programming

Microsoft® SQL Server® 2012 Step by Step

Publisher Resources