Expert SQL Server 2005 Development
Advanced SQL Server techniques for database professionals
Books for professionals by professionals ®
The EXPERT’s VOIce ® in SQL Server Programming

Adam Machanic with Hugo Kornelis and Lara Rubbelke
Foreword by Ward Pond, Technology Architect, Microsoft SQL Server Center of Excellence

Dear Reader,

As you flip through the various SQL Server books on the bookstore shelf, do you ever wonder why they don’t seem to cover anything new or different—that is, stuff you don’t already know and can’t get straight from Microsoft’s documentation?

My goal in writing this book was to cover topics that are not readily available elsewhere and are suitable for advanced SQL Server developers—the kind of people who have already read Books Online in its entirety but are always looking to learn more. While building on the skills you already have, this book will help you become an even better developer by focusing on best practices and demonstrating how to design high-performance, maintainable database applications.

This book starts by reintroducing the database as an integral part of the software development ecosystem. You’ll learn how to think about SQL Server development as you would any other software development. For example, there’s no reason you can’t architect and test database routines just as you would architect and test application code. And nothing should stop you from implementing the types of exception handling and security rules that are considered so important in other tiers, even if they are usually ignored in the database.

You’ll learn how to apply development methodologies like these to produce high-quality encryption and SQLCLR solutions. Furthermore, you’ll discover how to exploit a variety of tools that SQL Server offers in order to properly use dynamic SQL and to improve concurrency in your applications. Finally, you’ll become well versed in implementing spatial and temporal database designs, as well as approaching graph and hierarchy problems.

I hope that you enjoy reading this book as much as I enjoyed writing it. I am honored to be able to share my thoughts and techniques with you.

Best regards,
Adam Machanic, MCITP, Microsoft SQL Server MVP
Coauthor of Pro SQL Server 2005 and MCTS Self-Paced Training Kit (Exam 70-431): Microsoft SQL Server 2005 Implementation and Maintenance

“With a balanced and thoughtful approach, Adam Machanic provides expert-level tips and examples for complex topics in CLR integration that other books simply avoid. Adam is able to combine his CLR knowledge with years of SQL Server expertise to deliver a book that is not afraid to go beyond the basics.”
—Steven Hemingray, Software Design Engineer in Test, Microsoft SQL Server Engine Programmability Team

“The authors of this book are well-known in the SQL Server community for their in-depth architectural analysis and attention to technical detail. I recommend this book to anyone who wants to explore SQL Server solutions to some common and some not-so-common data storage and access problems.”
—Bob Beauchemin, Director of Developer Skills, SQLskills

THE APRESS ROADMAP: Beginning SQL Server 2005 for Developers; Beginning SQL Server 2005 Express; Pro T-SQL 2005 Programmer’s Guide; Pro SQL Server 2005; Foundations of SQL Server 2005 Business Intelligence; Pro SQL Server 2005 Database Design and Optimization; Expert SQL Server 2005 Development

Companion eBook available (see last page for details on the $10 eBook version). Source code online at www.apress.com.
ISBN-13: 978-1-59059-729-3
ISBN-10: 1-59059-729-X
US $49.99
Shelve in SQL Server. User level: Intermediate–Advanced

CH00FMFINAL.qxd 4/20/07 4:19 PM Page i

Expert SQL Server 2005 Development
Copyright © 2007 by Adam Machanic, Hugo Kornelis, Lara Rubbelke

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-13 (pbk): 978-1-59059-729-3
ISBN-10 (pbk): 1-59059-729-X

Printed and bound in the United States of America.

Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

Lead Editor: James Huddleston
Technical Reviewer: Greg Low
Editorial Board: Steve Anglin, Ewan Buckingham, Gary Cornell, Jason Gilmore, Jonathan Gennick, Jonathan Hassell, James Huddleston, Chris Mills, Matthew Moodie, Jeffrey Pepper, Dominic Shakeshaft, Matt Wade
Senior Project Manager: Tracy Brown Collins
Copy Edit Manager: Nicole Flores
Copy Editor: Ami Knox
Assistant Production Director: Kari Brooks-Copony
Senior Production Editor: Laura Cheu
Compositor and Artist: Kinetic Publishing Services, LLC
Proofreader: Elizabeth Berry
Indexer: Beth Palmer
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski

Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders-ny@springer-sbm.com, or visit http://www.springeronline.com.

For information on translations, please contact Apress directly at 2560 Ninth Street, Suite 219, Berkeley, CA 94710. Phone 510-549-5930, fax 510-549-5939, e-mail info@apress.com, or visit http://www.apress.com.

The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

The source code for this book is available to readers at http://www.apress.com in the Source Code/Download section. A companion web site for this book, containing updates and additional material, can be accessed at http://www.expertsqlserver2005.com.

To Kate: Thanks for letting me disappear into the world of my laptop and my thoughts for so many hours over the last several months. Without your support I never would have been able to finish this book. And now you have me back until I write the next one.
—Adam Machanic

Contents at a Glance

Foreword xiii
About the Authors xv
About the Technical Reviewer xvii
Acknowledgments xix
Introduction xxi
■ CHAPTER 1 Software Development Methodologies for the Database World
■ CHAPTER 2 Testing Database Routines 23
■ CHAPTER 3 Errors and Exceptions 47
■ CHAPTER 4 Privilege and Authorization 73
■ CHAPTER 5 Encryption 91
■ CHAPTER 6 SQLCLR: Architecture and Design Considerations 133
■ CHAPTER 7 Dynamic T-SQL 169
■ CHAPTER 8 Designing Systems for Application Concurrency 209
■ CHAPTER 9 Working with Spatial Data 251
■ CHAPTER 10 Working with Temporal Data 315
■ CHAPTER 11 Trees, Hierarchies, and Graphs 375
■ INDEX 439
Contents

Foreword xiii
About the Authors xv
About the Technical Reviewer xvii
Acknowledgments xix
Introduction xxi

■ CHAPTER 1 Software Development Methodologies for the Database World
  Architecture Revisited
  Coupling, Cohesion, and Encapsulation
  Interfaces
  The Central Problem: Integrating Databases and Object-Oriented Systems
  Where Should the Logic Go?
  The Object-Relational Impedance Mismatch 12
  ORM: A Solution That Creates Many Problems 17
  Introducing the Database-as-API Mindset 18
  The Great Balancing Act 19
  Testability 19
  Maintainability 19
  Security 20
  Performance 21
  Creeping Featurism 21
  Summary 22

■ CHAPTER 2 Testing Database Routines 23
  Introduction to Black Box and White Box Testing 23
  Unit and Functional Testing 24
  Unit Testing Frameworks 26
  The Importance of Regression Testing 29
  Guidelines for Implementing Database Testing Processes and Procedures 30
  Why Is Testing Important? 30
  What Kind of Testing Is Important? 31
  How Many Tests Are Needed? 31
  Will Management Buy In? 32
  Performance Testing and Profiling Database Systems 33
  Capturing Baseline Metrics 33
  Profiling Using Traces and SQL Server Profiler 34
  Evaluating Performance Counters 36
  Big-Picture Analysis 37
  Granular Analysis 38
  Fixing Problems: Is Focusing on the Obvious Issues Enough? 40
  Introducing the SQLQueryStress Performance Testing Tool 40
  Summary 45

■ CHAPTER 3 Errors and Exceptions 47
  Exceptions vs. Errors 47
  How Exceptions Work in SQL Server 48
  Statement-Level Exceptions 48
  Batch-Level Exceptions 49
  Parsing and Scope-Resolution Exceptions 50
  Connection and Server-Level Exceptions 52
  The XACT_ABORT Setting 52
  Dissecting an Error Message 53
  SQL Server’s RAISERROR Function 56
  Monitoring Exception Events with Traces 60
  Exception Handling 60
  Why Handle Exceptions in T-SQL? 60
  Exception “Handling” Using @@ERROR 61
  SQL Server’s TRY/CATCH Syntax 62
  Transactions and Exceptions 68
  The Myths of Transaction Abortion 68
  XACT_ABORT: Turning Myth into (Semi-)Reality 69
  TRY/CATCH and Doomed Transactions 71
  Summary 72

■ CHAPTER 4 Privilege and Authorization 73
  The Principle of Least Privilege 74
  Creating Proxies in SQL Server 74
  Data Security in Layers: The Onion Model 75
  Data Organization Using Schemas 76
  Basic Impersonation Using EXECUTE AS 79
  Ownership Chaining 81
  Privilege Escalation Without Ownership Chains 83
  Stored Procedures and EXECUTE AS 83
  Stored Procedure Signing Using Certificates 85
  Summary 89

■ CHAPTER 5 Encryption 91
  What to Protect 92
  Encryption Terminology: What You Need to Know 93
  SQL Server 2005 Encryption Key Hierarchy 94
  Service Master Key 95
  Database Master Key 95
  SQL Server 2005 Data Protection 97
  HashBytes() 97
  Asymmetric Key and Certificate Encryption 98
  Symmetric Key Encryption 101
  EncryptByPassphrase 108
  Securing Data from the DBA 109
  Architecting for Performance 111
  Setting Up the Solution and Defining the Problem 112
  Searching Encrypted Data 116
  Summary 131

■ CHAPTER 6 SQLCLR: Architecture and Design Considerations 133
  Bridging the SQL/CLR Gap: the SqlTypes Library 134
  Wrapping Code to Promote Cross-Tier Reuse 135
  A Simple Example: E-Mail Address Format Validation 135
  SQLCLR Security and Reliability Features 137
  The Quest for Code Safety 140
  Selective Privilege Escalation via Assembly References 141
  Granting Cross-Assembly Privileges 148
  Enhancing Service Broker Scale-Out with SQLCLR 151

CHAPTER 11 ■ TREES, HIERARCHIES, AND GRAPHS

■ Note The maximum trigger nesting level in SQL Server is 32. If your triggers nest deeper than that, an exception will be thrown and your transaction will be rolled back. On a related note, you should be aware that in SQL Server 2000, the recursive triggers database option was disabled by default. In SQL
Server 2005, on the other hand, the option is turned on by default. Make sure to check during upgrade projects to ensure that this change will not cause unintended side effects when your triggers fire.

Deleting Nodes

As shown in Figure 11-22, deleting a node from a nested sets hierarchy is quite simple—much more straightforward than either inserting new nodes or relocating a subtree. The only logic required is to update all rows with right values greater than the deleted node’s right value, decrementing the nodes’ right values by 2, and the nodes’ left values by 2 if their left values are greater than the deleted node’s right value.

Figure 11-22. Deleting a node in a nested sets hierarchy

The following trigger contains the logic required to handle node deletions in a nested sets hierarchy:

    CREATE TRIGGER tg_DELETE
    ON Employee_Temp
    FOR DELETE
    AS
    BEGIN
        SET NOCOUNT ON

        IF @@ROWCOUNT > 1
        BEGIN
            RAISERROR('Only one row can be deleted at a time.', 16, 1)
            ROLLBACK
            -- Stop here: statements after ROLLBACK in a trigger still run,
            -- and the UPDATE below would otherwise be applied outside the
            -- rolled-back transaction
            RETURN
        END

        -- Get the deleted right value
        DECLARE @right int

        SELECT @right = rgt
        FROM deleted

        -- Update the rest of the nodes in the hierarchy
        UPDATE Employee_Temp
        SET
            lft = lft - CASE WHEN lft > @right THEN 2 ELSE 0 END,
            rgt = rgt - 2
        WHERE rgt >= @right
    END
    GO

Constraining the Hierarchy

In nested sets hierarchies, because no recursion is used for querying, cycles cannot cause runtime problems—although they can cause strange results. It is therefore recommended that if you use the nested sets model, you keep all of the same constraints on the table that were defined in the section on constraining adjacency list hierarchies. That way, you can be certain that your hierarchy does not contain any invalid data.

EXTENDING YOUR HIERARCHIES: MAINTAINING A NODE’S LEVEL

A common reporting requirement with hierarchies is to show which nodes appear at which level of the hierarchy, often in relation to another node. For instance, someone might want to ask how many levels away a certain employee is from the CEO. When working with adjacency lists, the hierarchy must be traversed level by level via recursion or iteration, so calculation of the level at run time is easy. However, you might want to maintain the level for each node when working with materialized path or nested sets hierarchies, in order to make these kinds of queries simpler.

Adding a level column to a materialized path hierarchy is quite easy: simply add a computed column that counts the number of delimiters in the path. If you’ll be using the level column in a lot of queries, I recommend using the PERSISTED option in order to ensure that SQL Server only needs to count the delimiters once:

    ALTER TABLE Employee_Temp
    ADD theLevel AS
    (
        LEN(thePath) - LEN(REPLACE(thePath, '.', ''))
    ) PERSISTED

The expression works by taking the length of the path and subtracting from it the length of the path after all of the delimiters have been replaced with empty strings; the difference is the number of delimiters.

Adding a level column to a nested sets table isn’t quite as simple. Although there are a variety of ways to find the level using the nested sets hierarchy itself, in my opinion it’s much simpler to traverse up the hierarchy via the adjacency list and count the number of recursions. This logic can be added to the nested sets update trigger so that the updated node is counted first, and then the new level cascaded down the subtree. I’ll leave implementation of that enhancement as an exercise for the reader.

Summary

Graphs and hierarchies are extremely common throughout our world, and it is often necessary to represent them in databases. By utilizing adjacency lists, you can describe virtually any graph’s form, and recursive CTEs allow you to navigate graphs with relative ease. Hierarchies—special types of graphs—can also be modeled using adjacency lists, but other techniques can be employed to make querying them much more efficient, without the need for recursion or iteration. There are a lot of ways to solve hierarchical problems, but in the end it comes down to the best choice for the given scenario you’re faced with. As always, the most important thing you can do as a developer is to carefully consider your options, testing whenever possible to find the optimal solution.

Index

Symbols
% Processor Time counter, 36
@@ERROR, 61–62

A
access control, 74–75, 79–81, 138
Access Control Lists (ACLs), 74
acyclic graphs, 375–376
ad hoc SQL, 169–171
Adabas database management system,
ADD SIGNATURE command, 86
adjacency list model (hierarchies). See also nested sets model; persistent materialized paths
  constraining, 392, 407–409, 422
  deleting nodes, 406, 422
  described, 377, 391–392
  edges, constraining, 378–380
  finding ancestors, 412–413
  finding descendants, 393–395, 404–405, 411
  inserting new nodes, 405–406, 418–419
  modeling connections, 392
  relocating subtrees, 405–406, 419–421
  traversing, 392, 395–397, 399–404, 422
ADO.NET for unit testing, 27
Advanced SQL Programming (Celko), 422
age, calculating, 328
aggregates, user-defined, 162–167
Agile Development for regression testing, 30
AllowPartiallyTrustedCallersAttribute (APTCA), 150
ALTER AUTHORIZATION command, 78
ALTER DATABASE command, 82, 148
ALTER SCHEMA command, 78
altitude, 312
anarchic concurrency control, 210–211, 216
ancestor relationships, 377
anti-patterns, 19
APIs (application programming interfaces), 18–19
application logic, 12
application-level parameterization, 175–177
applications. See also performance; testing, application
  architecture, 2–5, 8–9, 10, 12–13, 20
  database role in, 19
  development, 19–21, 23
  hierarchy, 9–10
  interfaces, 18–19
  maintainability, 19–20
  size, 33
  types,
APTCA (AllowPartiallyTrustedCallersAttribute), 150
AS keyword for creating column aliases,
Aschenbrenner, Klaus, 225
as-of data component, 316
assemblies, 137–143, 145–147, 148–150
Assert method
(IStalkWalk interface), 146–147
assertions, debug, 26–27
astronomical spatial data, 312
asymmetric encryption. See also asymmetric keys
  advantages, 101
  controlling data by column, 106
  defined, 94
  described, 98–99
  drawbacks, 101
  key management, 95
  performance, 108, 111, 117
  service master keys in, 95
  uses, 101
asymmetric keys, 96, 98–100, 101
authentication, 31, 73, 75. See also message authentication code
authorization. See also certificates; privileges, resource
  access control, 74–75, 79–81, 138
  defined, 73
  developer's concerns, 73
  in dynamic SQL, 204–205
  ownership chaining, 77, 81–85
  testing, 31
auto-parameterization, query, 174–175
Average Wait Time (ms) counter, 37
Avg Disk Queue Length counter, 36

B
baseline performance tests, 34
“Batch Compilation, Recompilation, and Plan Caching Issues in SQL Server 2005” (Marathe), 173
benchmarking, 280. See also performance
binary encoding for holding nodes in a path, 399, 413–414
bitemporal data, 316, 371–373. See also offset transactions; temporal data
black box testing, 23–24
blocking, 210. See also concurrent use; isolation levels
bounding box technique. See also dynamic bounding box technique
  three-dimensional, 312
  two-dimensional, 269–270, 272, 276, 282–283, 305
Buffer Manager:Page life expectancy counter, 37
Business Intelligence Development Studio, creating calendar tables with, 329–333, 335
business logic, 8, 11

C
cache, 37, 38, 172–173, 176–180
Cache Hit Ratio counter, 37
Cached Pages counter, 37
calendar tables, 329–333, 335–340
CAs (certification authorities), 94, 99
CAS (Code Access Security), .NET, 137–139, 140, 145–147
catch block, defined, 62
Celko, Joe, 422
certificate-level encryption, 98–101, 106, 108, 117
certificates
  backing up, 88
  creating, 75, 87
  cryptographic hash, 87
  described, 94, 99
  identifying users, 87
  modules, signing, 83, 85–87
  permissions on, 100, 105
  proxies based on, 85
  restoring, 88
  self-signed, 99–100
  stored procedures, signing, 85–87
certification authorities (CAs), 94, 99
chaining, ownership, 77, 81–85
ciphertext, defined, 94
classes compared to tables, 13–14
classification systems, 375. See also graphs; hierarchies; trees
client/server-based architecture,
CLR (common language runtime). See SQL common language runtime
COALESCE function, 184–185
Code Access Security (CAS), .NET, 137–139, 140, 145–147
code, SQL
  defensive, 67
  reuse, 135
cohesion, module, 2, 4–5, 20
columns
  adding in nested sets model, 437
  adding in persistent materialized paths, 436
  aliases, creating,
  security, 106–108
commodity hardware,
commodity servers,
common language runtime (CLR). See SQL common language runtime
Common Table Expressions (CTEs)
  compared to persistent materialized paths, 411
  limitations, 387
  ordering output, 385
  traversing graphs, 384–385, 389
  traversing hierarchies, 400, 404
compilation, query, 51, 63, 172–174
computers, evolution, 8–9
concurrency control. See also pessimistic concurrency control
  anarchic, 210–211, 216
  multivalue, 211, 216, 239–242, 243, 249
  optimistic, 211, 216, 234–237, 249
  in Subversion, 211
  updateable cursors, 216
  in Visual SourceSafe, 211
concurrent use. See also isolation levels
  common problems, 210
  development factors, 209
  errors triggered by, 209
  implementation methods, 210, 216
  models used, 249
  monitoring performance, 363
  queuing, enhancement for, 243–248, 249
  SQL Server goals, 216
contention for disk, 37–38
continuous integration, 30
contracts, interface, 5–6
CONVERT function, 318–319
ConvertTimeZoneToUtc method, 344
ConvertUtcToTimeZone method, 346
coupling, 2–3,
covering indexes, 268, 284
CPU information, event, 34
CREATE ASSEMBLY command, 137
CREATE CERTIFICATE command, 75, 88
CREATE LOGIN FROM CERTIFICATE command, 75
CREATE SCHEMA command, 77
CREATE USER FOR CERTIFICATE command, 75
CREATE USER WITHOUT LOGIN command, 75, 82
Cristofor, Laurentiu, 94
CROSS APPLY operator, 283, 352–354, 368
cross-database ownership chaining, 82–83
CruiseControl.NET, 30
CTEs. See Common Table Expressions
cursors, updateable, 216
cycles, caused by updates, 409
cyclic graphs, 375, 376, 407–409

D
Dam, Sajal, 33
data. See also geospatial data
  “at rest”, 92, 96, 97, 99
  flawed, working with, 370
  instance-based, 315
  overwriting, 210
  period-based, 316
  role in application development,
  sample, acquiring, 253
  searching on encrypted, 125–130
  spatial, 251, 312–313
data availability testing, 31
data logic, 10, 11
Data Protection API (DPAPI) symmetric key protection, 95
data types, SQL Server, 134, 316
database administrator, securing data from, 96–97, 99, 109–111
database master keys, 95–96
database systems, evolution, 8–9
databases
  accessing information, 13–14
  design goals,
  flexibility, 169
  inheritance represented in, 14–16
  integrating with object-oriented systems, 8, 12–13, 17–18
  multiple, 78, 83
  purpose, 171
  representing object-oriented relationships, 16
  role in applications, 19
  security responsibilities, 20
data-dependent applications,
data-driven applications,
DataTable class, 153, 156–157
DATEADD function, 323–328, 369
DATEDIFF function, 323–328, 368
DATEFORMAT settings, 318
DATENAME function, 336
dates. See also calendar tables; temporal data
  calculations on, 323–329
  converting from nonstandard, 318
  formatting in the database, 319
  input formats, 316–318
  output format, 318–319
  querying, 320–323, 336–340
  rounding, 324
  standard, 317
DATETIME data type, 134, 315, 316
DateTime string formatting, 319
DAY function, 328
daylight savings time, 343
db_owner database role, protecting data from, 96, 100, 109
DBCC FLUSHPROCINDB command, 174
DBCC FREEPROCCACHE command, 174
deadlocks, managing, 66–67
debug assertions, 26–27
DecryptByAsymKey() function, 101
DecryptByCert() function, 101
DecryptByKey() function, 103
DecryptByKeyAutoAsymKey() function, 103–105
DecryptByKeyAutoCert() function, 103–105, 107
DecryptByPassphrase() function, 109
defensive coding, 67
degrees
  converting to/from radians, 255–256, 259–260, 262
  measuring longitude/latitude in, 255
descendant nodes, 376
descendant relationships, 377
dictionary attacks, 94, 116
DiffGram, 237–238
digraphs, 375–376, 380–381
directed edges, 375
directed graphs, 375–376, 380–381
dirty read technique for lock contention, 37
disk contention, 37–38
Disk Read Bytes/sec counter, 36
Disk Write Bytes/sec counter, 36
Distance function, 301
DistCLR function, 301
DML query performance, 37
DPAPI (Data Protection API) symmetric key protection, 95
durations, temporal, 34, 368–369
dynamic bounding box technique
  CLR implementation, 288–293
  described, 284
  implementation considerations, 285, 292–293
  T-SQL implementation, 285–288, 292, 309, 311
  use cases, 292
dynamic SQL
  advantages, 171, 187
  authorization, 204–205
  defined, 169
  formatting, 189–191
  justification for, 171–172
  ownership chaining, 82
  parameterization, 186–192, 195
  performance, 172, 191–192, 200–203
  security, 170, 192–194, 204–207
  uses, 180
Dynamic Time Zone Support, 343

E
edges, graph, 375
encapsulation
  application architecture, 2, 5, 10
  challenges to determining,
  CLR technique, 279
  database interface, 18–19
  defined,
  example,
  importance, 5, 10
  interface, 18–19
  options, 272
  T-SQL technique, 279
EncryptByAsymKey() function, 100
EncryptByCert() function, 100
EncryptByPassphrase encryption, 108–111
EncryptByPassphrase() function, 108
encryption. See also asymmetric encryption
  certificate-level, 98–101, 106, 108, 117
  concerns, 91, 93
  hybrid approach, 102, 109, 112–115, 117–125
  indexing and, 111
  by passphrase, 108–111
  performance, effect on, 93, 111, 116
  reasons, 91
  searching on encrypted data, 125–130
  symmetric, 94, 101, 102, 106–108, 111
  terminology, 93–94
encryption keys
  asymmetric, 96, 98–100, 101
  database master, 95–96
  defined, 93, 94
  private, 99
  service master, 94, 95, 96–97
  symmetric, 96, 102, 103, 105, 108
Endpoints to expose stored procedures, 18
enumerating the path, 397, 399
@@ERROR, 61–62
error 208 exceptions, 60
error level
  SQL Server, 54
  user, 56
error messages
  events, 60
  exceptions, 53–56, 60
  format designators, 57–58
  localization, 59
  SQL Server, 53–54
  user, 57–59
error numbers, SQL Server, 53
error state, SQL Server, 55
ERROR_LINE function, 63–64
ERROR_MESSAGE function, 63–64
ERROR_NUMBER function, 63–64
ERROR_PROCEDURE function, 63–64
ERROR_SEVERITY function, 63–64
ERROR_STATE function, 63–64
errors, defined, 47
events. See also specific events
  duration information, 34
  monitoring server, 34–36
Exception events, 60
exceptions
  advantages, 48
  avoiding, 67
  batch-level, 49–50
  behavior, 47
  compilation, 63
  component information, 53–56
  connection-level, 49, 52
  customizing settings, 52–53
  data transactions, effects on, 68–71
  described, 47, 48
  documentation,
  handling, 7, 60–64, 66–67, 71–72
  logging, 60, 66
  messages, 53–56, 57–58, 60
  monitoring, 60
  parsing, 50–51, 63
  philosophical approaches, 48
  raising, 56
  rethrowing, 64–66
  scope-resolution, 50–51
  server-level, 52
  severity, 59
  statement-level, 48–49
  tracing, 60
  unlikely, 47
EXEC command, 187. See also EXECUTE command
EXECUTE AS command, 79–80, 83–85
EXECUTE command, 170, 187, 192–194, 195, 196
explicit contracts,
EXTERNAL_ACCESS permission set, 137

F
farms, server,
fDistanceLatLon function, 301
feature creep, 21–22
fHtmCoverCircleLatLon function, 306
fHtmNearbyLatLon function, 302–303, 306–308
fHtmNearestLatLon function, 308–311
file I/O, 138, 147
FileIOPermission class, 147
FileIOPermissionAccess enumeration, 147
filters, sargable, 268–269
flexible modules/interfaces, problems caused by, 19–20
fn_trace_gettable function, 36
forced parameterization, 175
forests, 376, 407
format designators, error message, 57–58
formatting in the database, 369
functional testing, 24, 26

G
game worlds, spatial data on, 312–313
geographical data, accessing US, 391
geospatial data. See also Hierarchical Triangular Mesh; spatial data
  applications, 251, 263
  custom coordinate systems, 293
  distance between points, calculating, 254–258, 301
  formulas, 255, 259
  indexing, 294
  latitude/longitude, representing via, 251–252, 293–294
  neighbor, finding nearest, 281–293
  points, finding, 259–263
  representing, 251–252
  sample data, 253–254
  searching, 263–267, 269–279, 302–305
GetTimeZonesFromRegistry function, 344
GETUTCDATE, 347
GMT (Greenwich Mean Time), 341
GO T-SQL command, 55–56
GRANT IMPERSONATE command, 80
graphs. See also adjacency list model; nested sets model
  cyclic, 375, 376, 407–409
  defined, 375
  directed, 375–376, 380–381
  traversing, 381–390, 391
  types, 375–376
  undirected, 376, 380
Gray, Jim, 33
Greenwich Mean Time (GMT), 341

H
half-open intervals, 353
hash
  cryptographic, 87
  defined, 94
  described, 98, 126
  drawbacks, 98, 122
  salting, 94, 116–118
  searches using, 126
  security assaults using, 98
  uses, 98, 116
HashBytes() function, 97, 116. See also hash
Hierarchical Triangular Mesh (HTM)
  algorithm, 295–297
  compared to longitude/latitude methods, 298, 311
  conversion functions, 300
  described, 294
  distance calculation functions, 301
  implementation, 298–300
  indexing, 297–298
  input types, 300
  neighbor, finding nearest, 308–311
  neighborhood search function, 302–305
  projection on earth, 297
  resources on, 294
  uses, 294
hierarchies. See also adjacency list model
  applications, 9–10
  characteristics, 376–377
  described, 375, 376
  design techniques, 375
  multirow inserts, 419
  navigating up, 412–413
  showing nodes at each level, 436
  traversing, 400, 404
hints, table, 214
HOLDLOCK table hint, 214
HostProtectionAttribute (HPA), .NET, 137–140, 141–143, 145
HTM. See Hierarchical Triangular Mesh
Hunt, Andy, 27

I
impersonation, 74–75, 79–81
implied contracts,
indexing
  covering, 268, 284
  encryption and, 111
  geospatial data, 294
  Hierarchical Triangular Mesh, 297–298
  limitations, 294
  persistent materialized paths, 410
inheritance, 13, 14–16
inline expressions, 264, 265
input/output (I/O), logical, 34
inserts, 405–406, 409, 418–419, 428–430
instance-based data, 315
INSTEAD OF, modeling inheritance using, 16
integer format designator, 57
integration
  continuous, 30
  of databases with object-oriented systems, 8, 12–13, 17–18
  SQLCLR, 135
interface bus, 11
interfaces
  application programming, 18–19
  consistency, testing, 31
  contracts for, 5–6
  cross-platform, 18
  described,
  designing, 6–7, 18
  encapsulation, 18–19
  exception handling,
  flexible, 19–20
  implementation hiding, 6–7
  inputs/outputs, 5–7
interval-based data, 315
intervals
  constraining, 362–363
  described, 348
  half-open, 353
  overlapping, 360–368
  querying, 351–356, 358–360
  representing, 348–350, 354–358
  triggers, 362–363
InvalidOperationExceptions (Microsoft .NET Framework 2.0), 48
I/O (input/output), logical, 34
ISO 8601 standard date/time format, 317
isolation levels, 211–216
IStalkWalk interface (Assert method), 146–147

K
Kaufmann, Morgan, 422
keys. See encryption keys
kilometers, converting to/from radians, 256, 260, 262
KISS (Keep it simple, stupid) Principle, 22

L
late binding, 51
latitude
  geospatial data in, 251–252, 293–294
  HTM method compared to, 298, 311
  measuring, 255–256
least privilege, principle of, 74
load testing, 37, 38. See also performance testing
localization of error messages, 59
lock tokens, 219–221, 223–224
locks. See also concurrent use; isolation levels
  acquiring, 224
  contention techniques, 37
  deadlocks, managing, 66–67
  described, 224
  drawbacks, 225
  enforcing at write time, 222–224
  example, 214
  isolation level difference, 214
  nontransactional, 225–234
  releasing, 221–222, 224
  time tracking, 221–222
  transactional, 224
Locks:Average Wait Time (ms) counter, 37
logging exceptions, 60, 66
logic
  application, 12
  business, 8, 11
  data, 10, 11
  types, 10
logins (server-level principals)
  creating, 75
  defined, 74
  granting permissions, 88
  proxy, 75, 85, 87
  use of, 75
longitude
  geospatial data in, 251–252, 293–294
  HTM method compared to, 298, 311
  measuring, 255–256
  representing geospatial data using, 251–252
loops, retry, 66–67

M
MAC (message authentication code), 116–121, 123–126, 127, 130
machine credentials, 95
maintainability, application, 19–20
Marathe, Arun, 173
master keys, 95–97
master spt_values table, 177
materialized path notation, 387–388
materialized paths, persistent, 409–411, 412–413, 419–421, 422, 436
message authentication code (MAC), 116–121, 123–126, 127, 130
miles, converting to/from radians, 256, 260, 262
miles, nautical, 301
mock objects, 170
modules, code. See also certificates
  cohesion, 2, 4–5, 20
  defined, 81
  flexible, 19–20
  privilege escalation and, 81
  purpose,
MONTH function, 328
Moreau, Tom, 15–16
multiple databases, 78, 83
multirow inserts, 409, 419
multivalue concurrency control (MVCC), 211, 216, 239–242, 243, 249

N
name prefixes, owner, 76
naming
  strong, 150
  two-part, 77
nautical miles, converting to/from kilometers/miles, 301
neighborhood search function (Hierarchical Triangular Mesh), 302–305
nested sets model
  building, 423–424, 426
  columns, adding, 437
  constraining, 436
  deleting nodes, 435–436
  described, 422–423
  inserting nodes, 428–430
  level column, adding, 437
  navigating up, 428
  querying subtrees, 426–427
  relocating subtrees, 430–434
  traversing, 423
.NET interoperability, data type issues, 134
nodes
  deleting, 406, 422
  holding in path, 399, 413–414
  inserting, 405–406, 409, 418–419, 428–430
  modeling connections, 377–378
  parent, 376–377
  root, 376–377
  showing in hierarchies, 436
  subordinate, 376
nonrepeatable reading, 210
nontransactional locks, 225–234
normalization in application architecture, 12–13
nullable data types, .NET, 134
NUnit unit testing framework, 27, 29

O
object-oriented systems
  accessing information, 13–14
  business logic in,
  databases, integrating in, 8, 12–13, 17–18
  databases, representing, 16
  design goals,
  inheritance in, 14–15
Object-Relational Mappers (ORM), 17
objects
  creating, 77
  mock, 170
  owners, 76–77
  referencing, 77
offset transactions, 370–371
onion model of security, 75–76
optimistic concurrency control, 211, 216, 234–237, 249
OPTIMISTIC isolation options, 216
optimization, query, 268, 364–365
optional parameters
  dynamic SQL, 186–192, 195
  static in stored procedures, 182–187
  static T-SQL, 180–182, 187
ORDER BY clause, 385
ORIGINAL_LOGIN function, 81
ORM (Object-Relational Mappers), 17
OUTER APPLY operator, 283
OUTPUT keyword, 204
overwriting data, 210
owner name prefixing, 76
ownership chaining, 77, 81–85

P
Page life expectancy counter, 37
parameterization, query. See also optional parameters; sp_executesql system stored procedure
  advantages, 195
  application-level, 175–177
  automatic, 174–175
  dynamic SQL, 186–192, 195
  forced, 175
  performance, effect on, 177–180
  steps, 195
parent nodes, 376–377
parse trees, 172
parsing, 50–51, 63
passphrase encryption, 108–111
password complexity
  database master keys and, 96
  EncryptByPassphrase encryption and, 109
Perfmon, 37
performance
  asymmetric encryption, 108, 111, 117
  baseline tests, 34
  cache, benefits of, 177–180
  certificate-level encryption, 108, 117
  DML query issues, 37
  dynamic SQL, 172, 191–192, 200–203
  encryption, effects on, 93, 111, 116
  improving, techniques for, 122
  measuring, 280
  monitoring, 363
  parameterization benefits, 177–180
  pipeline queues, 247–248
  SELECT query issues, 36
  sp_executesql system stored procedure, 197–198
  SQL Server service, effect of restarting, 204
  SQLCLR compared to T-SQL, 143
  static SQL, 172, 180–187
  static SQL stored procedure, 180–187, 198–200, 203
  stored procedures vs. ad hoc SQL, 171
  symmetric encryption, 108, 111
performance monitor, 37
performance testing. See also load testing
  additional information, 33
  counters, 36–37
  identifying problems, 40
  importance, 31, 33
  process, 33–34, 37–39
  profiling server activity, 34–36
  stored procedures, 39
  tools, 40–45, 176, 177–178, 199–203
period-based data, 316
permission sets, assembly code, 137–141
permissions
  on asymmetric keys, 100
  on certificates, 100
  database-level, assigning, 85–87
  order of use, 75
  schemas, applying within, 77
  server-level, delegating, 75
  server-level principals, 88
  system-level, assigning, 87–89
persistent materialized paths, 409–411, 412–413, 419–421, 422, 436
pessimistic concurrency control
  described, 210, 216
  drawbacks, 221, 249
  enforcing locks at write time, 222–224
  example implementations, 217–222, 224
  example nontransactional implementation, 225–234
  isolation level support for, 216
phantom rows, 214
PhysicalDisk:Avg Disk Queue Length counter, 36
PhysicalDisk:Disk Read Bytes/sec counter, 36
PhysicalDisk:Disk Write Bytes/sec counter, 36
pipeline queues, 243–248, 249
Plan Cache:Cached Pages counter, 37
Plan Cache:Cache Hit Ratio counter, 37
polygons, spatial regions as, 313
polymorphism, 13
Pragmatic Unit Testing in C# with NUnit (Hunt & Thomas), 27
prefixing, owner name, 76
preorder traversal, 423
prime meridian, 341
principle of least privilege, 74
private key length, 99
privilege escalation
  certificates, 100, 105
  ownership chaining, 77, 81–85
  raising selectively, 141–143, 145–147
  stored procedures, 76, 83–85, 97, 205–207
privileges, resource
  cross-assembly, 148–150
  goals, 74
  in non-Windows systems, 74
  in Windows-based systems, 74
Pro SQL Server 2005 (Apress), 133, 215
Pro SQL Server 2005 Service Broker (Aschenbrenner), 225
% Processor Time counter, 36
Processor:% Processor Time counter, 36
Profiler tool, 35, 37, 97, 110–111, 363
profiling server activity, 34–36
proxies
  certificate-based, 85
  described, 74
  login, 75, 87
  users, 85
public-key encryption. See asymmetric keys
Pythagorean theorem, 254, 258, 268–269, 313

Q
queries. See also parameterization, query
  compilation, 51, 63, 172–174
  database, 17
  optimization, 268, 364–365
  scope resolution, 51
query plan cache, 172–173, 176–180
queuing for concurrency enhancement, 243–248, 249
QUOTENAME function, 207

R
radians
  converting to/from degrees, 255–256, 259–260, 262
  converting to/from
miles or kilometers, 256, 260, 262 measuring longitude/latitude in, 255–256 RAISERROR function, 56, 58–60, 65 RANK function, 282 Rational Guide to SQL Server 2005 Service Broker (Woller), 225 READ COMMITTED isolation level, 211, 213–214, 216 READ COMMITTED SNAPSHOT isolation level, 212 READ UNCOMMITTED isolation level, 212, 215–216 reading nonrepeatable, 210 from registry, 344 Reads information event, 34 recompilation, 35, 173 recursive triggers database option, 435 refactoring, registry, reading from, 344 regression testing, 29–31 relational databases compared to SQL databases, 14 Remote Procedure Calls (RPCs), 176 REPEATABLE READ isolation level, 211, 213–214, 216 rethrowing SQL Server exceptions, 64–66 retry loops, 66–67 reuse, code, 135 REVERT command, 80 root nodes, 376–377 routing systems, 391 row versioning technique for lock contention, 37 row-level security, 76 729XchIDX.qxd 4/20/07 3:43 PM Page 447 ■INDEX ROWVERSION type, 234–236 RPC:Completed events, 34–35 RPCs (Remote Procedure Calls), 176 rules See logic Rusanu, Remus, 228 S Find it faster at http://superindex.apress.com/ SAFE permission set, 137 salting hashes, 94, 116–118 sample data, acquiring, 253 sargable filters, 268–269 scans, avoiding table, 268 Scan:Started events, 35 schemas, 76–78 scope resolution, SQL Server query, 51 searching on encrypted data, 125–130 geospatial data, 263–267, 269–279, 302–305 security See also authentication; authorization; encryption ad hoc SQL vs dynamic SQL, 170 application, 20 attacks on, 74–75, 88, 94, 98, 116, 192–194 CAS, 137–139, 140, 145–147 columns, controlling by, 106–108 database responsibilities, 20 described, 73 dynamic SQL, 170, 192–194, 204–207 layering, 75–76 minimizing, 90 risks from administrators, 96–97, 99, 109–111 row-level, 353 schemas, 76 SQL Server Profiler risks, 97 SQLCLR features, 137–143, 145–147 stored procedures, 76, 83–85, 97, 205–207 trustworthy databases, 148 SELECT queries, performance, 36 self-signed certificates, 99–100 semiopen 
intervals, 353 SERIALIZABLE isolation level, 211, 213–214, 216 server farms, server-side traces, 35–36 service account credentials, 95 Service Broker, 96, 151, 225–226, 228, 243 service master keys, 94, 95, 96–97 SET DATEFORMAT command, 318 SET STATISTICS TIME option, 173–174 SETUSER command,, 79 severity, user exceptions, 59 shared-key encryption, 94, 101, 102, 106–108, 111 sibling relationships, 377 single-key encryption, 94, 101, 102, 106–108, 111 SMALLDATETIME data type, 316 SNAPSHOT isolation level, 212, 215–216 software architecture, 2–5, 8–9, 10, 12–13, 20 sorting load, 171–172 numerical values, zero-padding for, 397, 399, 422 sp_addmessage stored procedure, 58–59 sp_executesql system stored procedure, 170, 196–198, 204 sp_getapplock stored procedure, 224–225 sp_releaseapplock stored procedure, 225 spatial data, 251, 312–313 See also geospatial data Spatial database, 253–254, 300–303, 306, 308, 312 See also Hierarchical Triangular Mesh SP:Recompile events, 35 SQL common language runtime (SQLCLR) NET interoperability, 134–135 address format validation example, 135–136 advantages, 135–136 cross-assembly privilege, 148–150 custom aggregates, 162–167 disadvantages, 261 integration, 135 performance compared to T-SQL, 143 resources on, 133 security/reliability features, 137–143, 145–147 serialization example, 153–161 string-formatting capabilities, 319 as T-SQL replacement, 133 user-defined functions compared to stored procedures, 265, 267 uses, 133 SQL databases compared to relational model, 14 SQL for Smarties: Advanced SQL Programming (Celko), 422 SQL injection attacks, 192–194 SQL Server 2005, differences from SQL Server 2000, 435 SQL Server Profiler, 35, 37, 97, 110–111, 363 SQL Server Query Performance Tuning Distilled (Dam), 33 SQL:BatchCompleted events, 34–35 SQLCLR See SQL common language runtime SqlDataReader class, 157 SQLQueryStress performance testing tool, 40–45, 176, 177–178, 199–203 SqlTypes NET namespace, 134–135 stored procedures See also T-SQL 
stored procedures advantages, 170–171 for APIs, 18–19 447 729XchIDX.qxd 448 4/20/07 3:43 PM Page 448 ■INDEX controversy over, 170 data transactions, effects on, 68–69 database security risks, 97 described, 170 disadvantages, 273 exposing, 18 hiding procedures, 110 identifying, 87 optional parameters, 180, 182–187 output characteristics, 159 parameter passing, 205–207 performance, 171, 180–187, 198–200, 203 performance testing, 39 security, 76, 83–85, 97, 111, 205–207 signed, 85–87 static, 171, 180–187, 198–200, 203 testing, 170 transactions and, 68–69 street data, accessing, 391 stress testing, 37, 38 See also performance testing string encoding for holding nodes in a path, 399, 413–418 strings, formatting, 57, 319 strong naming, 150 su command (UNIX), 74 subordinate nodes, 376 Subversion, concurrency control in, 211 SUSER_NAME function, 81 symmetric encryption, 94, 101, 102, 106–108, 111 symmetric keys, 96, 102, 103, 105, 108 sysadmin fixed server role, protecting data from, 96–97, 99, 109–111 sys.certificates view, 87 sys.crypt_properties view, 87 sys.dm_exec_cached_plans dynamic management view, 174 sys.dm_exec_sql_text function, 174 System Monitor console, 37 System.Data.SqlTypes NET namespace, 134–135 System.DateTime string formatting, 319 T table hints, 214 table scans, avoiding, 268 tables compared to classes, 13–14 TDD (Test-Driven Development) methodology, 170 templates, error message, 53–54 temporal data See also dates; intervals; times categories, 315–316 data types, 134, 316 design issues, 340 durations, 368–369 importance, 315 querying, 242 time zone issues, 341–348 testability, application, 19–20 Test-Driven Development (TDD) methodology, 170 testing, application benefits, 32 black box, 23–24 database, shortage of, 23 functional, 24, 26 reasons, 30–31 regression, 29–31 stored procedures and, 170 strategies, 416 techniques, 30 timing, 30 types, 23–26, 29, 31, 33 unit, 24, 26, 27, 29 volume of tests needed, 31–32 white box, 23–24, 26 testing, cache, 38 
testing, data availability, 31 testing, interface consistency, 31 testing, load, 37, 38 testing, performance See performance testing Thomas, Dave, 27 three-dimensional bounding box technique, 312 thumbprint, certificate, 87 TIGER/Line data, 391 time zones, effects on date, 341–348 times See also temporal data calculations on, 323–329 constraining, 349 input formats, 317–318 querying, 320–323, 336–340, 365–368 rounding, 324 standard, 317 TimeSpan type, 369 TO_CHAR function (Oracle), 319 TOP expression, 281–282 ToString method, 319 Trace, hiding procedures from, 110 tracing server activity, 34–36 SQL Server exceptions, 60 transactional locks, 224 transactions doomed, 71–72 exceptions and, 68–71 offset, 370–371 rolling back, 68–72 stored procedures and, 68–69 trees, 375, 376 Trees and Hierarchies in SQL for Smarties (Kaufmann), 422 729XchIDX.qxd 4/20/07 3:43 PM Page 449 ■INDEX U UDAs (user-defined aggregates), 162–167 UDF output characteristics, 159 undirected edges, 375 undirected graphs, 376, 380 UNION ALL operator, ordering results of, 285 unit testing, 24, 26, 27, 29 See also assertions, debug Universale Temps Coordinee (UTC), 341 UNSAFE permission set, 137 updateable cursors, concurrency control, 216 updates causing cycles, 409 US geographical data, accessing, 391 User Error Message events, 60 user interface data, in application architecture, 12 USER_NAME function, 81 user-defined aggregates (UDAs), 162–167 user-defined functions, 259, 264, 272–273 users (database-level principals), 74, 75, 85 users, impersonating, 74–75, 79–81 UTC (Universale Temps Coordinee), 341 V valid time component, 316 views, 87, 105, 174 virtual space, 312–313 Visual SourceSafe, concurrency control in, 211 Visual Studio 2005 Team System, 37 W WAITFOR command, 225 warnings, SQL Server, 54, 60 web services, as cross-platform interface layer, 18 white box testing, 23–24, 26 wildcard searches, on encrypted data, 125–130 WindowsIdentity class (Microsoft NET), 74 Woller, Roger, 225 wrapper 
methods/classes, 135–136 Writes information event, 34 X XACT_ABORT setting, 52–53, 69–71 XACT_STATE function, 72 XML format documents, 151, 237–238 XML serialization example, 151–153 Z zero-padding for sorting numerical values, 397, 399, 422 Find it faster at http://superindex.apress.com/ triggers, 239, 362–363, 435 Triple-DES symmetric key, derived by the passphrase, 108 trixels, 294 See also Hierarchical Triangular Mesh trustworthy databases, 148 try block, defined, 62 try/catch exception handling, 62–64, 66–67, 71–72 T-SQL stored procedures dynamic bounding box technique, 285–288, 292, 309, 311 encapsulation, 279 inputs/outputs, optional parameters, 180–182, 187 outputs, SQLCLR compared, 133, 143 TSQLUnit unit testing framework, 27 two-dimensional bounding box technique, 269–270, 272, 276, 282–283, 305 See also dynamic bounding box technique two-part naming, 77 449 ... for SQL Server Professional and TechNet magazines, serves as the SQL Server 2005 Expert for SearchSQLServer.com, and has contributed to several books on SQL Server, including Pro SQL Server 2005. .. 4/20/07 4:19 PM Page i Expert SQL Server 2005 Development Adam Machanic with Hugo Kornelis and Lara Rubbelke CH00FMFINAL.qxd 4/20/07 4:19 PM Page ii Expert SQL Server 2005 Development Copyright... (Apress, 2005) He regularly speaks at user groups, community events, and conferences on a variety of SQL Server and NET-related topics He is a Microsoft Most Valuable Professional (MVP) for SQL Server