Mastodawn

Blog post from the past:
In which I go over potential reasons for why some special characters end up corrupted and displayed as question marks, squares or something completely different in SQL Server.
https://vladdba.com/2024/10/04/characters-question-marks-squares-sql-server/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba

Characters displayed as question marks or squares in SQL Server

In this post I'm going over potential reasons why some characters end up displayed as question marks or squares in SQL Server.

VladDBA

Vlad Apr 28

New blog post:
My guideline on how to handle and test SQL Server backups to ensure their viability and avoid a "Schrödinger's backup" scenario.
https://vladdba.com/2026/04/23/test-sql-server-backups-schrodingers-backups/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #azure

Test SQL Server backups to avoid Schrödinger's backups

This post is my guideline on how to handle and test SQL Server backups to ensure their viability and avoid a "Schrödinger's backup" scenario.

VladDBA

Vlad Apr 27

Recently updated post:
In which I discuss the risks of improperly configured SQL Server linked server connections and provide recommendations for securing them.
Now with a query to identify improperly configured linked server connections.
https://vladdba.com/2023/07/10/securing-sql-server-linked-servers/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #security

Securing SQL Server linked servers

In this post I address improper security configurations and their impact, as well as recommendations for securing SQL Server linked servers.

VladDBA

Vlad Apr 16

New blog post:
I demo cracking SQL Server 2025 login passwords offline.
hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.

The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.

Full methodology, benchmarks, and code included.
https://vladdba.com/2026/04/16/cracking-sql-server-2025-login-passwords-offline-with-hashcat/
#sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql

Cracking SQL Server 2025 login passwords offline with hashcat

In this blog post I demo cracking SQL Server 2025 login passwords offline with hashcat, including the current stable release (7.1.2).

VladDBA

Vlad Apr 15

New blog post:
In which I go over three points that are vital in preventing SQL injection when working with dynamic T-SQL.
https://vladdba.com/2026/04/15/dynamic-t-sql-sql-injection-quotename-executesql/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

Using dynamic T-SQL? Parametrization alone can't prevent SQL injection

In this post I'll go over three points that are vital in preventing SQL injection when working with dynamic T-SQL.

VladDBA

Vlad Apr 14

New blog post:
My second contribution to T-SQL Tuesday, about a session that got me interested into the security side of things.
https://vladdba.com/2026/04/14/t-sql-tuesday-197-impactful-session-dba-career/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #tsql2sday

T-SQL Tuesday #197 - An impactful session changed my DBA career

My second time participating in T-SQL Tuesday, Steve Hughes‘s invitation about an impactful session from a conference brought back memories.

VladDBA

Vlad Apr 13

New blog post:
In which I provide some examples as to why FLOAT isn’t the best option for storing exact financial data in SQL Server.
https://vladdba.com/2026/04/11/stop-using-float-for-financial-data-sql-server/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

PSA: Stop using FLOAT to store financial data in SQL Server

In this post I provide some examples as to why FLOAT isn't the best option for storing exact financial data in SQL Server.

VladDBA

Vlad Apr 9

Blog post from the past:
In which I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814
https://vladdba.com/2025/08/29/poc-sql-injection-sql-server-2022-cu20-gdr-kb5063814/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

PoCs for two SQL Injection vulnerabilities fixed in SQL Server 2022 GDR KB5063814

In this post I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814

VladDBA

Vlad Apr 7

I've noticed today that Microsoft Bing Webmaster Tools has a new "AI Performance" tab.
Apparently, my SSMS 22 config blog post has been cited by "Microsoft Copilots and Partners" a total of 284.7K times since I've published it ~6 months ago. Pretty neat, although this doesn't really translate into visits.

Link to blog post: https://vladdba.com/2025/11/16/my-sql-server-management-studio-22-configuration/

#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql

Vlad Mar 24

Latest release of PSBlitz:
- New GUI mode
- Google Cloud SQL & SQL Server 2025 compatibility
- Overhauled HTML reports - Dark theme, better accessibility, improved UX
- New Query Store pages in HTML/Excel reports
- Updated resources
https://vladdba.com/2026/03/23/psblitz-v6-0-0-gui-mode-dark-mode-google-cloud-sql-support/
#sqlserver #sqldba #powershell #microsoftsqlserver #dba #PSBlitz

PSBlitz v6.0.0: GUI Mode, HTML Overhaul, and Google Cloud SQL Support

The latest release of PSBlitz (6.0.0) is finally out and it brings GUI Mode, Dark Mode, Google Cloud SQL Support, and updated resources.

VladDBA