Search Results

Search found 15 results on 1 pages for 'brann'.

Page 1/1 | 1 

  • Is it worth hiring a hacker to perform some penetration testing on my servers ?

    - by Brann
    I'm working in a small IT company with paranoid clients, so security has always been an important consideration to us ; In the past, we've already mandated two penetration testing from independent companies specialized in this area (Dionach and GSS). We've also ran some automated penetration tests using Nessus. Those two auditors were given a lot of insider information, and found almost nothing* ... While it feels comfortable to think our system is perfectly sure (and it was surely comfortable to show those reports to our clients when they performed their due diligence work), I've got a hard time believing that we've achieved a perfectly sure system, especially considering that we have no security specialist in our company (Security has always been a concern, and we're completely paranoid, which helps, but that's far as it goes!) If hackers can hack into companies that probably employ at least a few people whose sole task is to ensure their data stays private, surely they could hack into our small business, right ? Does someone have any experience in hiring an "ethical hacker"? How to find one? How much would it cost? *The only recommendation they made us was to upgrade our remote desktop protocols on two windows servers, which they were able to access because we gave them the correct non-standard port and whitelisted their IP

    Read the article

  • How far should we take the N+N redundancy craziness ?

    - by Brann
    The industry standard when it comes from redundancy is quite high, to say the least. To illustrate my point, here is my current setup (I'm running a financial service). Each server has a RAID array in case something goes wrong on one hard drive .... and in case something goes wrong on the server, it's mirrored by another spare identical server ... and both server cannot go down at the same time, because I've got redundant power, and redundant network connectivity, etc ... and my hosting center itself has dual electricity connections to two different energy providers, and redundant network connectivity, and redundant toilets in case the two security guards (sorry, four) needs to use it at the same time ... and in case something goes wrong anyway (a nuclear nuke? can't think of anything else), I've got another identical hosting facility in another country with the exact same setup. Cost of reputational damage if down = very high Probability of a hardware failure with my setup : <<1% Probability of a hardware failure with a less paranoiac setup : <<1% ASWELL Probability of a software failure in our application code : 1% (if your software is never down because of bugs, then I suggest you doublecheck your reporting/monitoring system is not down. Even SQLServer - which is arguably developed and tested by clever people with a strong methodology - is sometimes down) In other words, I feel like I could host a cheap laptop in my mother's flat, and the human/software problems would still be my higher risk. Of course, there are other things to take into consideration such as : scalability data security the clients expectations that you meet the industry standard But still, hosting two servers in two different data centers (without extra spare servers, nor doubled network equipment apart from the one provided by my hosting facility) would provide me with the scalability and the physical security I need. I feel like we're reaching a point where redundancy is just a communcation tool. Honestly, what's the difference between a 99.999% uptime and a 99.9999% uptime when you know you'll be down 1% of the time because of software bugs ? How far do you push your redundancy crazyness ?

    Read the article

  • What appid should I use with netsh.exe ?

    - by Brann
    The netsh command wants an appid (see here) : netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF} I've not been able so far to understand how I'm supposed to know the GUID netsh wants me to provide. Any hints?

    Read the article

  • How can you name the Dataset's Tables you return in a stored proc ?

    - by Brann
    I've got the following stored procedure Create procedure psfoo () AS select * from tbA select * from tbB I'm then accessing the data this way : Sql Command mySqlCommand = new SqlCommand("psfoo" , DbConnection) DataSet ds = new DataSet(); mySqlCommand.CommandType = CommandType.StoredProcedure; SqlDataAdapter mySqlDataAdapter = new SqlDataAdapter(); mySqlDataAdapter.SelectCommand = mySqlCommand; mySqlDataAdapter.Fill(ds); Now, when I want to access my tables, I have to do this : DataTable datatableA = ds.Tables[0]; DataTable datatableB = ds.Tables[1]; the dataset Tables property also got an accessor by string (instead of int). Is it possible so specify the name of the tables in the SQL code, so that I can instead write this : DataTable datatableA = ds.Tables["NametbA"]; DataTable datatableB = ds.Tables["NametbB"]; I'm using SQL server 2008, if that makes a difference.

    Read the article

  • How can I automate the "generate scripts" task in SQL Server Management Studio 2008 ?

    - by Brann
    I'd like to automate the script generation in SQL Server Management Studio 2008. Right now what I do is : Right click on my database, Tasks, "Generate Scripts..." manually select all the export options I need, and hit select all on the "select object" tab Select the export folder Eventually hit the "Finish" button Is there a way to automate this task? Edit : I want to generate creation scripts, not change scripts.

    Read the article

  • Is there a SortedList<T> class in .net ? (not SortedList<Key,Value> which is actually a kind of Sort

    - by Brann
    I need to sort some objects according to their contents (in fact according to one of their properties, which is NOT the key and may be duplicated between different objects) .net provides two classes (SortedDictionnary and SortedList), and both are some kind of Dictionaries. The only difference (AFAIK) is that SortedDictionnary uses a binary tree to maintain its state whereas SortedList does not and is accessible via an index. I could achieve what I want using a List, and then using its Sort() method with a custom implementation of IComparer, but it wouldn't be time-efficient as I would sort the whole List each time I insert a new object, whereas a good SortedList would just insert the item at the right position. What I need is a SortedList class with a RefreshPosition(int index) to move only the changed (or inserted) object rather than resorting the whole list each time an object inside changes. Am I missing something obvious ?

    Read the article

  • How should I use .ico files in a Winforms Application ?

    - by Brann
    I'm developing a WinForms c# 3.0 application. Our designer created quite a lot of .ico files containing all the needed art. The choice of .ico was made because quite often, the same image is needed in several places in different dimensions. Now, it seems .ico files are really annoying to use in visual studio. The only way to use those images seems to be through images list (which aren't supported by all controls). Compared to other resources, you can't write this : foo.Image = global::RFQHUB.RFQHUBClient.Properties.Resources.foo; // Cannot implicitly convert type 'System.Drawing.Icon' to 'System.Drawing.Image' Here are the options I'm considering : create ImageLists of all possible sizes referencing all my icons in my main window. Link these ImageLists from other windows and find a way to export Image objects from the ImageList when I can't use it directly ; since ImageList contains a Draw() method, this should probably be possible. convert all the x.ico I've got in several x16.gif ...x48.gif, and use those through resources. I'd be interested to know if some people have been successfully using .ico resources in a Winform application. In so, how did you set up things ?

    Read the article

  • Very strange Application.ThreadException behaviour.

    - by Brann
    I'm using the Application.ThreadException event to handle and log unexpected exceptions in my winforms application. Now, somewhere in my application, I've got the following code (or rather something equivalent, but this dummy code is enough to reproduce my issue) : try { throw new NullReferenceException("test"); } catch (Exception ex) { throw new Exception("test2", ex); } I'm clearly expecting my Application_ThreadException handler to be passed the "test2" exception, but this is not always the case. Typically, if another thread marshals my code to the UI, my handler receives the "test" exception, exactly as if I hadn't caught "test" at all. Here is a short sample reproducing this behavior. I have omitted the designer's code. static class Program { [STAThread] static void Main() { Application.ThreadException += new System.Threading.ThreadExceptionEventHandler(Application_ThreadException); Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new Form1()); } static void Application_ThreadException(object sender, System.Threading.ThreadExceptionEventArgs e) { Console.WriteLine(e.Exception.Message); } } public partial class Form1 : Form { public Form1() { InitializeComponent(); button1.Click+=new EventHandler(button1_Click); System.Threading.Thread t = new System.Threading.Thread(new System.Threading.ThreadStart(ThrowEx)); t.Start(); } private void button1_Click(object sender, EventArgs e) { try { throw new NullReferenceException("test"); } catch (Exception ex) { throw new Exception("test2", ex); } } void ThrowEx() { this.BeginInvoke(new EventHandler(button1_Click)); } } The output of this program on my computer is : test ... here I click button1 test2 I've reproduced this on .net 2.0,3.5 and 4.0. Does someone have a logical explanation ?

    Read the article

  • How can I automatically generate sql update scripts when some data is updated ?

    - by Brann
    I'd like to automatically generate an update script each time a value is modified in my database. In other words, if a stored procedure, or a query, or whatever updates column a with value b in table c (which as a pk column (i,j...k), I want to generate this : update c set a=b where i=... and j=... and k=... and store it somewhere (for example as a raw string in a table). To complicate things, I want the script to be generated only if the update has been made by a specific user. Good news is that I've got a primary key defined for all my tables. I can see how to do this using a trigger, but I would need to generate specific triggers for each table, and to update them each and every-time my schema changes. I guess there are some built-in ways to do this as SQL server sometimes need to store this kind of things (while using transactional replication for example), but couldn't find anything so far ... any ideas ? I'm also interested in ways to automatically generate triggers (probably using triggers - meta triggers, huh? - since I will need to update triggers automatically when the schema change)

    Read the article

  • Can I add a delay to sql server transactional replication ?

    - by Brann
    I've got transactional replication configured from a database called DBProd to another database called DBWarehouse ; everything works fine, and transaction are usually replicated instantaneously to the warehouse .... which is my problem. I'd like to add a slight delay to the replication (something like 10 minutes), so that the replicated database can be used to access a previous version of the database (in case a bug occurs for example) Is there a simple way to achieve this ?

    Read the article

  • Is it a good idea to use a computed column as part of a primary key ?

    - by Brann
    I've got a table defined as : OrderID bigint NOT NULL, IDA varchar(50) NULL, IDB bigint NULL, [ ... 50 other non relevant columns ...] The natural primary key for this table would be (OrderID,IDA,IDB), but this it not possible because IDA and IDB can be null (they can both be null, but they are never both defined at the same time). Right now I've got a unique constraint on those 3 columns. Now, the thing is I need a primary key to enable transactional replication, and I'm faced with two choices : Create an identity column and use it as a primary key Create a non-null computed column C containing either IDA or IDB or '' if both columns were null, and use (OrderID,C) as my primary key. The second alternative seams cleaner as my PK would be meaningful, and is feasible (see msdn link), but since I've never seen this done anywhere, I was wondering if they were some cons to this approach.

    Read the article

  • How can I send rich emails using the user's mail client ?

    - by Brann
    I need my .net program to send rich emails (usually containing table data, around 20 columns x 10 rows) using the user's mail infrastructure, allowing him to review/edit the mail before sending it, and storing the mail in his 'sent items' folder. mailto: seems the obvious choice, but unfortunately, it doesn't support neither attachments nor html bodies. It seems some clients support some extra features (e.g. Outlook 97 used to support a &Attach tag, but this is not the case for more recent versions). I could use mailto and try to format the text body to look nice (using tabs, etc), but this isn't really elegant and wouldn't support huge data. using automation seems a very huge task, as I would need to automate dozens of clients (4 or 5 versions of outlook, lotusnotes, thunderbid, etc.) ... This would be a huge task and it's not really my core business ... I could send emails through code and write my own mail form to let the user edit the mail, but this would have a lot of drawbacks : the user would need to manually configure the mail server settings he wouldn't have access to his contact directory the mail wouldn't be sent in his sent items folder This seems a quite common issue, but I haven't found any satisfying solution yet ; does someone knows of a library supporting this (ie containing automation logic for most mainstream email clients?). Or an alternative to mailto ?

    Read the article

  • Is it possible to raise an error if a variable assignment in a select returns multiple values?

    - by Brann
    I just found a bug on one of my softwares where I had forgotten a where clause. The code was something like that : declare @foo bigint declare @bar bigint select @foo = foo, @bar=bar from tbFooBar where (....a long list of condition goes there) (... and an extra condition should have went there but I forgot it) Unfortunately, the where clause I forgot was useful in very specific corner cases and the code went through testing successfully. Eventually, the query returned two values instead of one, and the resulting bug was a nightmare to track down (as it was very difficult to reproduce, and it wasn't obvious at all that this specific stored procedure was causing the issue we spotted) Debugging would have been a lot easier if the @foo=foo had raised an exception instead of silently assigning the first value out of multiple rows. Why is that this way? I can't think of a situation where one would actually want to do that without raising an error (bearing in mind the clauses 'distinct' and 'top' are there for a reason) And is there a way to make sql server 2008 raise an error if this situation occurs ?

    Read the article

1