Here is the most noteworthy news since my last “Big News In Databases” post from November 2016.

A new SQL standard was released (SQL:2016)

In December 2016, ISO released a new version of the SQL standard. It introduces new features such as row pattern matching, listagg , date and time formatting, and JSON support. I’ve already written about listagg and made a presentation about row pattern matching.

Subscribe the modern-sql.com blog for further updates on the new standard.

Oracle Database 12.2 on premises, cloud prices double for AWS and Azure

Oracle’s cloud strategy was already topic in my previous post: Although the latest database release 12.2 was in November 2016, it was not available for download at that time—it was only available as a service in the Oracle cloud.

In January 2017, Oracle effectively doubled the license cost for the Oracle databases in Amazon’s and Microsoft’s cloud environments. And how does Microsoft react? On May 10, Microsoft announced the availability of MySQL and PostgreSQL as managed services in the Azure cloud.

Begun the cloud war has. One party opens up, another isolates itself. The marked leader watches.

In light of these developments, the release of the Oracle database 12.2 download in March is just a side note.

Database of the year

In January, DB-Engines.com (“TIOBE of databases”) published their database of the year 2016. According to their ranking method, SQL Server had the greatest gains in 2016 and is thus the database of the year 2016. Second and third place went to MySQL and PostgreSQL.

An interesting side note from their announcement: “It is the first time we see three RDBMS winning that competition, in the past we had at least two NoSQL systems among the winners.”

ACIDRain: Study highlights security risk of wrong transaction use

One of the consequences of database normalization is that transactions are needed to work safely. SQL has had transactions for a long time. The latest change in this area was the introduction of transaction isolation levels—25 years ago.

A new study recently analyzed how transactions are used in “12 popular self-hosted eCommerce applications written in four languages and deployed on over 2M websites.” The study found that 11 of them make incorrect use of transactions and “allow attackers to corrupt store inventory, over-spend gift cards, and steal inventory.”

The relevance of this thread (coined ACIDRain attack) is on the rise as more and more applications expose functionality via APIs that can be used to programmatically exploit concurrency related vulnerabilities.

From my Twitter timeline