How can we correlate linked server queries running to their source instance?

We have multiple versions of SQL Server from 2008R2 (I know) to 2016. There are many linked server queries. I’m trying to build a tool that will tell me the queries executing on a target server that come from linked server queries executing on another source server.

QUESTION #1)

Can I rely on sys.dm_exec_sessions.program_name = ‘Microsoft SQL Server’?

I’ve hesitated to go that route so far and have been relying on looking at the sql text:

dest.text LIKE '%"Tbl[0-9][0-9][0-9][0-9]"%' 

QUESTION #2)

Once I have found the linked server queries running on my target instance, I want to traverse back to the original calling instance. Is there an easy way to do this?

Right now, I’m heading down the path of looking for the target instance in the sql text of queries running on the source host(s):

AND dest.text LIKE '%$  LinkedServerName%' 

(Not the variable expansion – this is a powershell snippet, not straight TSQL)

Still, I may have some interesting logic to truly say, “This query is what is causing the query to execute on my linked server” – not to mention the perf hit of the leading wildcard search into my sql text.

Ideas?

Thank you,

-Peter

How people get their game ideas?

One thing that always stop me when I want to start making a game is having no idea what to do. How do people get ideas for their game ? I mean realistic ideas for people who are alone with the minimum ressources (no money for assets, blender and unity). I will never stop being impressed by all new concept, mecanics or crazy ideas of game indie developpers come-up with, like making game out of random everyday objects. I wish I was able to do that.

How are ghostly warders permitted to pass in and out of their maga’s home aegis?


Background

We have a magi with a ghostly warder founding a new covenant. One of the first orders of business is to cast aegis of hearth (AM5 p.161). Since the ghostly warder has a might score, our understanding is that they would be excluded unless they were given a token or part of the casting.

What is the mechanism for permitting a warder?

The two options that were apparent to us, but involved a follow up question were:

  • Are they given a token? If so, how can they even carry a token?
  • Are they part of the casting? If so, how can they participate in the casting of a spell?

Which forum CMS lets authors moderate their own topics ?

Hello I'm looking for a forum software to install on my website, that could let any author of a new topic moderate its topic with the same rights as a regular moderator, mostly by editing other members' replies.

I've joined a hundred of BBS (running most softwares) and none of them let the authors be moderate their own thread. Therefore I assumed it was not a built in feature, possibly because pyramidal moderation was the only one known to developers.

If there are too many forum CMS with…

Which forum CMS lets authors moderate their own topics ?

How Do Online Identiy Verification Companies Ensures Their APIs to Be Not Abused?

I am trying to implement a photo ID verification along with a live-selfie verification on my Android/iOS apps.

I figured that I might be able to implement these features using Python machine learning libraries. However, I have no idea how to prevent hackers from directly sending verification data to my app’s server.

So, these days, many online identity verification companies utilize the “liveness” detection that can prevent users from taking photos of other people’s photos or photos of ID cards. They confirm if the images were not modified. They even make short videos to confirm the liveness.

However, what if the abuser is not a normal user, but a programmer? What can we do if the programmer directly calls our APIs and send photos or videos to the server? Then the liveness detection will become useless because we will not be able to differentiate the selfie directly sent by the programmer from a lively taken new selfie.

Any solutions? I can only guess that the only way to prevent this type of attacks would be making users take random actions generated by the server. Such as saying something on the screen or making users writing down random digits on the paper and take a picture with it.

Discern Realities — are players supposed to ask their questions before or after dice roll?

The book is pretty clear on this subject:

When you closely study a situation or person, roll+Wis.

✴On a 10+, ask the GM 3 questions from the list below. ✴On a 7–9, ask 1.

So, first you roll dice, then you ask questions from the list. Why do I ask, is because there were talks in the community which imply the players ask questions from the list when the roll still misses.

See Suddenly Ogres for the example — it explains how to narrate misses for Spout Lore and Discern Realities, but implies that players ask “Who’s in control” (a question from the list):

Who’s in control on this masquerade ball? It’s your rival, Duke Dupont, just as you feared!

Who’s in control in that masked ball? Suddenly, ogres are everywhere! I suppose that means that ogres are in control now.

How could that be? Should player ask before rolling the dice, or should the GM ask for further clarifications on miss, or what?

Is it safe to encrypt a user’s third party API key with their own password?

I’m running a node application which needs to make calls to a third party API, on behalf of my user, using their own API keys.

API calls only need to be made on behalf of the user while they are logged into my site.

Currently I use bcrypt to hash and compare their password:

bcrypt.hash(req.body.password, 12, function (err,   hash) {... bcrypt.compare(req.body.password, users[req.body.username]['password'], function (err, result) {... 

I thought when a user adds their API key to the website I could require their password again, and after validating the password, I could use the encryption method Here to encrypt it (with their plaintext password as the key)

When a user logs in, I could validate their password, decrypt their API key using method from link above (and their password), and store the API key in plain text using express-sessions, ready for making calls on user request.

With this method if the user losses the password they will have to reset their API keys. I’m happy to accept that trade off.

Is this approach safe or is there something I’m overlooking?