Home
Track lack of SQL Server session configuration
Description
-
The Track lack of SQL Server session configuration code rule checks whether SQL Server session settings are configured correctly. It will detect any lack of configuration that could lead to degraded performance or security issues. This code rule is part of the Microsoft Security Code Analysis extension and is used to identify any configuration settings that are not properly set. The rule checks for the following session settings:
- Max Degree of Parallelism
- Cost Threshold for Parallelism
- Remote Query Timeout
- Lock Timeout
- Deadlock Priority
- Query Wait
- Security Settings
The rule will detect any lack of configuration that could lead to degraded performance or security issues. It is important to ensure that these settings are properly configured to ensure optimal performance and security.
Key Benefits
- Accurate tracking - Track lack of SQL Server session configuration accurately.
- Timely alerts - Receive timely alerts when session configuration is not properly set.
- Reduced risks - Reduce the risks of data exposure due to unsecured sessions.
Non-compliant Code Example
CREATE PROCEDURE GetTotalNumberOfCustomer
AS
BEGIN --Non compliant code (ARITHABORT is not activated on the procedure)
SET ARITHABORT OFF;
SELECT COUNT(*) FROM [Data].Customer;
END;
GO
Compliant Code Example
CREATE PROCEDURE GetTotalNumberOfCustomer
AS
BEGIN --Compliant code (ARITHABORT is activated on the procedure)
SET ARITHABORT ON;
SELECT COUNT(*) FROM [Data].Customer;
END;
GO