Last year at the PASS Summit, one of my favorite moments in my Blitz session was showing off my new equivalent of Windows Update for stored procedures. I demoed how to use OPENROWSET to connect your SQL Server to the cloud, fetch an updated version of our sp_Blitz stored procedure, and apply the update automatically.
I knew it was risky and I specifically told the audience repeatedly, “You shouldn’t use this in production.” It was chock full of
nuts security risks. You’re connecting to a complete stranger’s server and running the code you find. I could be dropping your databases, and you wouldn’t know until it was too late. Even worse, my SQL Server could get hacked and a malicious user could replace my tasty sp_Blitz code with sp_HackTheServer code and trash your stuff.
It was a lot of fun while it lasted, and nobody got hacked – but it’s time to quit while we’re ahead. This is really more of a security risk than we’re comfortable taking with your SQL Servers; after all, you trust us to take care of you. We decided to shut down the update service and let everybody get their updates the old-fashioned way – through our Blitz page.
That’s not to say I don’t have tricks up my sleeve for this Summit, though. One of them is up to you: vote for my Enterprise DBA: Bob Dylan Explains TempDB lightning talk. Today’s the last day for voting, and I’ve been practicing my impression. If you wanna see my next costumed session, vote now!