What’s the meaning of “resources external to the SQL Server computer are needed” in Microsoft’s SQL documentation?

In Microsoft’s SQL Server documentation on Windows service account configuration, the decision to use either a VA (virtual account) or a MSA (managed service account) hinges on whether

resources external to the SQL Server computer are needed

What exactly does this phrase mean here? I’m seeking an explanation that makes sense to an ‘accidental DBA’ with minimal experience of SQL Server, or Windows Server, configuration. What counts as a ‘resource’ here, and what kinds of ‘need’ are relevant?

Context: I have a fresh SQL Server 2019 VM on Azure, which was configured with VAs out-of-the-box, and I’m trying to decide whether we need to switch to using MSAs. I have found multiple other questions concerning this same documentation page and/or the same basic decision between VAs or MSAs (or regular AD Accounts) – but none really explain this specific phrase in a way that helps me apply it to my particular scenario. Which is essentially a data warehouse use-case: data will be coming into this SQL instance from external sources, but that’ll be managed by a third-party DW automation application running SSIS scripts, not directly by the SQL engine. (This application has its own AD service accounts.)

Whilst I’ve explained my specific scenario here to try to clarify the question, I’m keen for a generic answer so anyone with any SQL Server use case can evaluate this "resources external to the SQL Server" phrase for their needs. Specific answers for my use case are also welcome.

Using lulu on osx in home business setup. Any reason for external router base firewall?

I have Lulu setup under osx on my Mac. So say an errant program, curl, if it tries to access outside address is stopped.

Would an external router based firewall bring any extra level of protection? I surmise that it will not be fine-grained enough to stop a particular process.

I believe that outgoing request are more risky than incoming request as I do not have any programming listening for request. e.g. No web server enabled.

What use would external router based firewall bring?

I am seeing ICMP type 3 error message from my firewall logs. However , I am unable to find the original request sent to that external IP [closed]

No matching connection for ICMP error message: icmp src inside: X.X.X.98 dst outside: X.X.X.11 (type 3, code 2) on inside interface. Original IP payload: udp src X.X.X.11/53 dst X.X.X.98/52906.

Can somebody please help me understand the cause.

How do we sort the chunk in the first pass of external merge sort?

Referring to the 9th page of a slide, when we use multi-pass multi-way external merge sort on a file with $ N$ pages using $ B$ buffer pages, in "pass 0" we’ll read a chunk of $ B$ pages into all buffers, sort the chunk, and write it back to disk, repeatedly to produce $ \lceil{N/B}\rceil$ sorted chunks. In later passes, we’ll use $ (B-1)$ buffers for input and the last buffer for output to merge $ (B-1)$ sorted chunks together each time each pass.

As is not mentioned at all, how the whole chunk (in pass 0) can be sorted when all buffers are being used for input?

Why am i getting “missing right parenthesis” error when i try to LOG ERRORS when loading from an external table?

I’ve successfully created an error logging table

BEGIN     DBMS_ERRLOG.create_error_log(     dml_table_name  => 'enzyme',     skip_unsupported => TRUE); END; /  desc ERR$  _ENZYME; 
Name            Null? Type            --------------- ----- --------------  ORA_ERR_NUMBER$         NUMBER          ORA_ERR_MESG$           VARCHAR2(2000)  ORA_ERR_ROWID$          UROWID          ORA_ERR_OPTYP$          VARCHAR2(2)     ORA_ERR_TAG$            VARCHAR2(2000)  ENZ_NAME              VARCHAR2(4000)  

But i get an error when I try to run this query:

insert /*+ ignore_row_on_dupkey_index ( enzyme ( enz_name ) ) */ into enzyme SELECT enz_name FROM EXTERNAL ((   construct_id NUMBER(10),   n_term VARCHAR2 (50),   enz_name VARCHAR2 (3),   c_term VARCHAR2 (50),   cpp VARCHAR2 (50),   mutations VARCHAR2 (50),   mw_kda NUMBER (7, 3))      TYPE ORACLE_LOADER     DEFAULT DIRECTORY data_to_input     ACCESS PARAMETERS (         RECORDS DELIMITED BY NEWLINE         skip 1         FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'         MISSING FIELD VALUES ARE NULL          )      LOCATION ('CONSTRUCT.CSV')     LOG ERRORS INTO ERR$  _ENZYME ('INSERT') REJECT LIMIT UNLIMITED) ext     where not exists (         select * from enzyme e         where e.enz_name = ext.enz_name     ); 
Error at Command Line : 79 Column : 5 Error report - SQL Error: ORA-00907: missing right parenthesis 00907. 00000 -  "missing right parenthesis" *Cause:     *Action: 

Line 79 is the LOG ERRORS INTO line.

If i delete the LOG ERRORS INTO ERR$ _ENZYME ('INSERT') part, this command functions perfectly.

Best practice handling external jwt in a server

I’m currently building a mobile app using the Spotify Web Api.

The thing is, I need the mobile app to only get the authorization code and then send it to the server since the server will call the Spotify web api when needed.

So the server is responsible for getting the access token and refresh token and refresh them as needed.

Here’s a diagram of what I’m thinking:

enter image description here

Reading the Spotify Documentation I’ve seen that they also recommend using PKCE when building mobile apps. But I’m not sure how this would work in my case. I would need to generate the code_verifier in the mobile app but also send it to my server.

I guess my question would be, does my flow make sense? Is it ok to store all the user’s access_tokens and refresh_tokens in my DB and use them as needed?

OpenVPN: test security from external point of view

How would I test an OpenVPN environment from external, kind of black box pentest. I have the public server-IP (port 1194, udp, tun).

I have found NO online ressources on how to do that, or whether some tools are available (e.g. for IPsec there is the ike-scan tools), nmap has no scripts for that, metasploit has no plugins, kali has no tools (only OpenVAS looks like it has a module, didnt try that yet).

Is there any way to test or analyse the security of OpenVPN from an external point of view?

External IP address in router UPnP settings Whatsapp – UK Ministry of Defence IP Address?

I was fiddling with my router’s UPnP settings and found this

enter image description here

Why is an external IP address showing here?

I also did a reverse IP search and to my surprise the IP 25.54.27.39 showed "UK Ministry of Defence". I am not in the UK military or on a military base.

Something fishy going on? I have already disabled Upnp.

Remove author for external link data

I’ve made a page for a client, but when I paste the homepage link into Discord, it shows the page info.

It shows the Page Title, the page author, the page title again, and then the excerpt. I’d rather scrub my name from ever showing up in any meta data on the page, but even looking through dev tools, and searching for any mention of my name, or the word author, I find zero results that would indicate discord should be even finding my personal name. Has anyone had any experience with this?