Search Results

Search found 33585 results on 1344 pages for 'sql execution plan'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 173/1344 | < Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

    Read the article

  • How do you version/track changes to SQL tables?

    - by gabe.
    When working in a team of developers, where everyone is making changes to local tables, and development tables, how do you keep all the changes in sync? A central log file where everyone keeps their sql changes? A wiki page to track alter table statements, individual .sql files that the devs can run to bring their local db's to the latest version? I've used some of these solutions, and I'm tyring to get a good solid solution together that works, so I'd appreciate your ideas.

    Read the article

  • Jobs - are your SQL Agent jobs talking to you enough?

    - by fatherjack
    Most DBAs will have at least a couple of servers that have SQL Agent jobs that are scheduled to do various things on a regular basis. There is a whole host of supporting configuration settings for these jobs but some of the most important are notifications. Notification settings are there to keep you up to date on how your job executions went. You have options on types of notification - email, pager, net send, or an entry in the SQL Server Event Log and you get options on when each of these channels...(read more)

    Read the article

  • How would one build a relational database on a key-value store, a-la Berkeley DB's SQL interface?

    - by coleifer
    I've been checking out Berkeley DB and was impressed to find that it supported a SQL interface that is "nearly identical" to SQLite. http://docs.oracle.com/cd/E17076_02/html/bdb-sql/dbsqlbasics.html#identicalusage I'm very curious, at a high-level, how this kind of interface might have been architected. For instance: since values are "transparent", how do you efficiently query and sort by value how are limits and offsets performed efficiently on large result sets how would the keys be structured and serialized for good average-case performance

    Read the article

  • Would SQL certification be a good idea to compensate for a gap in experience?

    - by SK9
    I have a couple of years of experience with SQL Server, mostly basic tasks of writing queries and stored procedures, but have not been employed for a number of years (getting my masters in a totally unrelated field). I've been applying for months and no prospects yet as it seems most companies are worried about the gap in my employment. Do you think it would be worthwhile to get a SQL certification? I'd really appreciate your insights since I truly don't know what to do. Thanks!

    Read the article

  • Strange intermittent SQL connection error, fixes on reboot, comes back after 3-5 days (ASP.NET)

    - by Ryan
    For some reason every 3-5 days our web app loses the ability to open a connection to the db with the following error, the strange thing is that all we have to do is reboot the container (it is a VPS) and it is restored to normal functionality. Then a few days later or so it happens again. Has anyone ever had such a problem? I have noticed a lot of ANONYMOUS LOGONs in the security log in the middle of the night from our AD server which is strange, and also some from an IP in Amsterdam. I am not sure how to tell what exactly they mean or if it is related or not. Server Error in '/ntsb' Application. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) Source Error: Line 11: Line 12: Line 13: dbConnection.Open() Line 14: Line 15: Source File: C:\Inetpub\wwwroot\includes\connection.ascx Line: 13 Stack Trace: [SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)] System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +248 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +245 System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject) +475 System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) +260 System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +2445449 System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +2445144 System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +354 System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +703 System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +54 System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +2414696 System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +92 System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +1657 System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +84 System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +1645687 System.Data.SqlClient.SqlConnection.Open() +258 ASP.includes_connection_ascx.getConnection() in C:\Inetpub\wwwroot\includes\connection.ascx:13 ASP.default_aspx.Page_Load(Object sender, EventArgs e) in C:\Inetpub\wwwroot\Default.aspx:16 System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25 System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42 System.Web.UI.Control.OnLoad(EventArgs e) +132 System.Web.UI.Control.LoadRecursive() +66 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428 Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053

    Read the article

  • Should a developer write their own test plan for Q/A?

    - by Mat Nadrofsky
    Who writes the test plans in your shop? Who should write them? I realize developers (like me) regularly do their own unit testing whilst developing and in some cases even their own Q/A depending on the size of the shop and the nature of the business, but in a big software shop with a full development team and Q/A team, who should be writing those official "my changes are done now" test plans? Soon, we'll be bringing on another Q/A member to our development team. My question is, going forward, is it a good practice to get your developers to write their own test plans? Something tells me that part of that might make sense but another part might not... What I like about that: Developer is very familiar with the changes made, thus it's easy to produce a document... What I don't like about that: Developer knows how it's supposed to work and might write a test plan that caters to this without knowing it. So, with the above in mind, what is the general stance on this topic? I'm of course already reading books like the Mythical Man-Month, Code Complete and a few others which really do help, but I'd like to get some input from the group as well.

    Read the article

  • Survey: how do you unit test your T-SQL?

    - by Alexander Kuznetsov
    How do you unit test your T-SQL? Which libraries/tools do you use? What percentage of your code is covered by unit tests and how do you measure it? Do you think the time and effort which you invested in your unit testing harness has paid off or not? Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!...(read more)

    Read the article

  • Did You Know? More online seminars!

    - by Kalen Delaney
    I am in Tucson again, having just recorded two more online workshops to be broadcast by SSWUG. We haven't set the dates yet, but we are thinking about offering a special package deal for the two of them. The topics really are related and I think they would work well together. They are both on aspects of Query Processing. The first was on how to interpret Query Plans and is an introduction to the topic. However, it only includes a discussion of how SQL Server actually processes your queries. For example,...(read more)

    Read the article

  • T-SQL Tuesday #028: Whaddya Mean, “Not Your Job?”

    - by merrillaldrich
    This T-SQL Tuesday, hosted by Argenis Fernandez ( Blog | Twitter ) is devoted to the question, “Are you a Jack-of-all-Trades? Or a specialist?” This question really hits home for me, on a number of levels. (Aside: I have huge respect for Argenis – he’s smart, funny, no-nonsense, very accomplished. If you don’t follow him, do.) If you have read any of my previous ramblings on this blog, you may know I was originally educated as an architect – the bricks and mortar kind, not the information systems...(read more)

    Read the article

  • T-SQL Tuesday #028: Whaddya Mean, “Not Your Job?”

    - by merrillaldrich
    This T-SQL Tuesday, hosted by Argenis Fernandez ( Blog | Twitter ) is devoted to the question, “Are you a Jack-of-all-Trades? Or a specialist?” This question really hits home for me, on a number of levels. (Aside: I have huge respect for Argenis – he’s smart, funny, no-nonsense, very accomplished. If you don’t follow him, do.) If you have read any of my previous ramblings on this blog, you may know I was originally educated as an architect – the bricks and mortar kind, not the information systems...(read more)

    Read the article

  • SQL SERVER Merge Operations Insert, Update, Delete in Single Execution

    This blog post is written in response to T-SQL Tuesday hosted by Jorge Segarra (aka SQLChicken). I have been very active using these Merge operations in my development. However, I have found out from my consultancy work and friends that these amazing operations are not utilized by them most of the time. Here is my [...]...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Sql Server 2008 - Cannot connect to local default instance

    - by Tone
    I recently rebuilt my machine to Windows 7 x64, installed Sql Server 2008 enterprise. I can connect fine to other remote instances via Management Studio (be they 2000, 2005 or 2008), but i cannot find my local default instance. I have verified that a directory was created for the default instance C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER I can connect to SQLEXPRESS instance fine I have rerun setup to ensure I have everything installed I have verified that the SQLSERVER(MSSQLSERVER) service is running I have tried brownsing for the instance and see all the others available except my local one I have tried using this for servername: TSOUTHERLANDPC\MSSQLSERVER, the first part being my local machine name My issue is not the same as this post or this post. Any ideas?

    Read the article

  • SQL Server 2008 log issue

    - by George2
    Hello everyone, I am using SQL Server 2008 Enterprise. Under logs folder, in my machine it is C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log, there are three kinds of files, •ERRORLOG, ERRORLOG.1, ERRORLOG.2 ... ERRORLOG.6; •FDLAUNCHERRORLOG, FDLAUNCHERRORLOG.1, FDLAUNCHERRORLOG.2, ...FDLAUNCHERRORLOG.6; •log_207.trc, log_208.trc, ... My question is what are the differnet function of such log files? And why there are files ends with .1, .2, etc? thanks in advance, George

    Read the article

  • How do I resolve the message "Validating WSFC quorum vote configuration - Action Required."

    - by Rob Boek
    I have a 3 node AlwaysOn Availability Group on a 3 node WSFC using node majority. 2 nodes are setup as synchronous with automatic fail-over, the 3rd is setup as asynchronous with manual fail-over. When I try to fail-over using the GUI, I get a warning as shown in the screenshot. There is no warning or error if I fail-over with T-SQL. Adding a file share to the quorum doesn't help. The only way I can resolve the warning is to remove the asynchronous sql instance from the 3rd node (it remains part of the WSFC). Either way, the AlwaysOn dashboard says quorum is OK. Am I missing something? Is this a bug in the GUI that I should just ignore? Clicking "Action Required" gives the following error:

    Read the article

  • notepad sql Unicode and Non Unicode

    - by RBrattas
    Hi, I have a Microsoft Notepad flate file with data and Vertical Bar as column delimiter. I get following message: cannot convert between unicode and non-unicode string data types It seems it is my nvarchar(max) that creates my problem. I changed to varchar(max); but still the same problem. How do I insert my flate file into my SQL Server 2005? And in the SQL Server 2005 import and export wizard the flate file source advanced tab the OutputColumnWith is 50. Will that say my flate file column is max 50? I hope not because my column is more then 50... Thank you, Rune

    Read the article

  • Minimizing SQL transaction log file size on developer box running simple recovery model

    - by Anders Rask
    We have alot of SQL servers on development environment where we never take backup of the databases (TFS for code is enough). The (SharePoint) databases are all set to simple recovery model, but the log files, especially for the SharePoint configuration database is growing quite large and filling up our data drive on the SQL server. Since these log files are never used for anything, i would like advice on how to best minimize the size of these log files -or even disable them if possible. I'm not completely sure why the log files grow so large even on simple logging (checked for long running transactions (DBCC OPENTRAN) but found none). I guess the reason for the log files not being truncated is, that we dont take any backups, and hence Checkpoints arent reached. The autogrowth for log files are set to autogrow by 10% restricted to 2 gb, so i guess that is why Checkpoint (70%) arent reached here either. What would be the be best strategy to keep log files small (best case 0) without sacrificing performance (eg VLF fragmentation)?

    Read the article

  • SQL Server 2008 to Sybase Linked Server (x64) -- Provider and permissions issues

    - by Cory Larson
    Good morning, We're testing a new SQL Server 2008 setup (64-bit) and one of our requirements was to get a linked server up and talking to a Sybase database. We've successfully done so using Sybase's 64-bit 15.5 drivers, however I can't expand the catalog list from a remote machine (connecting to the '08 box with SSMS) without having my network account being added as an Administrator on the actual box and then using Windows Authentication to connect to the server instance. This is going to be problematic when we go live. Has anybody experienced this, or have any input on the permissions in SQL Server 2008 with regards to linked servers? If I remove my network account from the Administrators group, the big error I'm getting is a 'Msg 7302, Level 16, State 1, Line 41' with a description something like "Cannot create an instance of OLE DB provider "ASEOLEDB" for linked server "", and all research points to permissions issues. Thoughts? This document talks about DCOM configuration and permissions, but we've tried all of it with no luck. Thanks

    Read the article

  • NetApp and SQL Server?

    - by Edinor
    Do you have any good or bad experiences to share running SQL Server OLTP Systems on NetApp appliances? I have been working with a small, relatively low-volume cluster with a lower-end NetApp device, and I have found the environment to be generally unstable, at least compared to my experiences with other SANs, iSCSI arrays, and DAS setups. I struggle to believe that RAID DP and WAFL are more than fairy-dust technologies. A solution has been proposed to me that I just need a bigger, better NetApp, with PAM cards and other cool technology I've not heard of, and I feel like I would be better off spending a quarter of that on good direct-attached drives and a beefy server. At the same time, I feel that an Enterprise-class SAN should be something I can count on to be consistently a more stable, better performer than the less expensive solution I might propose. Are you a SQL Server DBA in an OLTP environment and love your NetApp? If you don't like them, why not?

    Read the article

  • SQL Server 2005 Reporting Services - Configuration Manager & Management Studio Problems

    - by Nick
    When I open Reporting Services Configuration Manager on my server, an error message appears that says: Reporting Services Configuration Manager An unknown error has occurred in the WMI Provider. Error Code 800706B3 This error appears before I can even attempt to connect to an SSRS instance. In addition to this problem, I'm not able to connect to my SSRS instance via SSMS on my desktop. When I attempt to connect, I get the following error message: Microsoft SQL Server Management Studio Exception has been thrown by the target of an invocation. (mscorlib) Additional information: The operation could not be completed. (WinMgmt) Information about my environment: Server: Win Server 2K3 x64, SQL 2005 x64 SP3 Build 9.0.4053 Desktop: Windows 7 Enterprise x64 Steps I have already taken: I have installed the latest service pack on my server and workstation. I do not see any errors in my event logs.

    Read the article

  • SQLCMD not recogized despite install of SQL Server Native Client for SQL2008

    - by John Galt
    This little question is part of a much larger issue I am trying to resolve: Does SQLCMD require a separate install or is it included with the Microsoft SQL Server 2008 Native Client (which I just installed on my webserver). Maybe this is just an incorrect path issue. Here is what I tried: C:\>sqlcmd -S tcp:devmojito\mssqlserver2008,1433 'sqlcmd' is not recognized as an internal or external command, operable program or batch file. C:\> This same syntax works when executed from the c drive on my SQL Server machine.

    Read the article

  • MSSQL instance shuts down

    - by citronas
    I'm currently developing a new ASP.net project hosted on a Windows Server 2008 RC2 with an MSSQL 2008 Express Database. I have three SQL instances (for different purposes) running which currently all contain a single database. For apprently no reason, these instances tend to shut down after some days, for no apparent reason. There might be low or none traffic to these instances, because there might be some days in a row, where I can't develop. It now occured several times, that one or two of these three instances just shut down, so that I can't access the database, without manually starting the instance. I can't seem to find a event log entry for the shutdown, which is most likely because I just enabled logging (why is the default setting off?) So the questions are: * Why does a SQL instance shut down? (Is there such thing as a "Shut down instance after 3 days of inactivity"? * How can I achieve that the instances are running 24/7?

    Read the article

  • Using Subversion with SQL Server Management Studio

    - by Mike
    I am a member of a team with 3 developers. We have started using Redmine here for project management and issue tracking and LOVE it. I have seen elsewhere how nicely Redmine can work when a back-end repository is set up for a project. There is nice integration all around. This shop is currently .Net and SQL Server 2005. I am thinking about recommending a move to Subversion for our VCS (so that we can integrate with Redmine). I have seen a product called VisualSVN which will make it possible to use Visual Studio with Subversion, so that covers .Net. But the other big question is if it is possible to configure SQL Server Management Studio to somehow use Subversion for its VCS. Has anyone done this? This shop is currently using Sourcegear Fortress.

    Read the article

  • Can't log in using sa account for sql server 2008

    - by tessa
    I installed SQL Server 2008. During the install I set it to mixed mode authentication and set the password for what I assume is the sa account. In the configuration manager I set tcp/ip and named pipes to enabled. When I open SQL Server Management Studio and try to log in - username: sa, password: whatIjustsetintheinstall, it fails with the error: Login failed for user sa. (error 18456). The error in Event Viewer is - Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: <local machine>]. I know the password is right because I just set it. What am I doing wrong here? Is sa not the right user to be logging in with mixed mode? I've been reading through forum after forum but just cannot find anything that works.

    Read the article

  • SQL Performance Problem IA64

    - by Vendoran
    We’ve got a performance problem in production. QA and DEV environments are 2 instances on the same physical server: Windows 2003 Enterprise SP2, 32 GB RAM, 1 Quad 3.5 GHz Intel Xeon X5270 (4 cores x64), SQL 2005 SP3 (9.0.4262), SAN Drives Prod: Windows 2003 Datacenter SP2, 64 GB RAM, 4 Dual Core 1.6 GHz Intel Family 80000002, Model 6 Itanium (8 cores IA64), SQL 2005 SP3 (9.0.4262), SAN Drives, Veritas Cluster I am seeing excessive Signal Wait Percentages ( 250%) and Page Reads /s (50) and Page Writes /s (25) are both high occasionally. I did test this query on both QA and PROD and it has the same execution plan and even the same stats: SELECT top 40000000 * INTO dbo.tmp_tbl FROM dbo.tbl GO Scan count 1, logical reads 429564, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0. As you can see it’s just logical reads, however: QA: 0:48 Prod: 2:18 So It seems like a processor related issue, however I’m not sure where to go next, any ideas? Thanks, Aaron

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >