Search Results

Search found 30398 results on 1216 pages for 'embedded sql'.

Page 66/1216 | < Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73  | Next Page >

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as: No client/application had direct access to the database tables. All accesses to all tables were through views (and all the updates to the base tables were done through triggers). All data items had a domain specified. No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced. Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data. So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures? EDIT Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged. EDIT2 The approach of relying on paramaterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach: http://database-programmer.blogspot.com http://thehelsinkideclaration.blogspot.com The principle features I have taken from these sources is: An extensive data dictionary, combined with an extensive security data dictionary Generation of triggers, queries and constraints from the data dictionary Minimize Code and maximize data While the answers I have had so far are very useful and point out difficulties arising from disregarding paramaterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

    Read the article

  • Why do we need to put N before strings in Microsoft SQL Server?

    - by user61752
    I'm learning T-SQL. From the examples I've seen, to insert text in a varchar() cell, I can write just the string to insert, but for nvarchar() cells, every example prefix the strings with the letter N. I tried the following query on a table which has nvarchar() rows, and it works fine, so the prefix N is not required: insert into [TableName] values ('Hello', 'World') Why the strings are prefixed with N in every example I've seen? What are the pros or cons of using this prefix?

    Read the article

  • Keyboard Shortcuts in Oracle SQL Developer

    - by thatjeffsmith
    The CTRL key, which stands for ConTRoL…aw, the good ole days What keyboard shortcuts should EVERY Oracle SQL Developer user know? How do you find new shortcuts to master, and how do you change them to match ones you’ve already learned in other tools? These are the driving questions for today’s post. While some of us may be keyboard ninjas, and others are more driven to use the mouse – everyone has probably picked up a few strategic keyboard shortcuts over the years. For example, I’ve personally JUST memorized the Cmd-Shift-4 ‘trick’ in Mac OS X. And of course we all know what F1 does, right? Right?!? Here are a few more keyboard shortcuts to commit to memory. My Favorite SQL Developer Shortcuts ctrl-enter : executes the current statement(s) F5 : executes the current code as a script (think SQL*Plus) ctrl-space : invokes code insight on demand Code Editor – Completion Insight – Enable Completion Auto-Popup (Keyword being Auto) ctrl-Up/Dn : replaces worksheet with previous/next SQL from SQL History ctrl-shift+Up/Dn : same as above but appends instead of replaces shift+F4 : opens a Describe window for current object at cursor ctrl+F7 : format SQL ctrl+/ : toggles line commenting ctrl+e : incremental search Configuring Keyboard Shortcuts in SQL Developer Tools Preferences Shortcut Keys Search by command name OR the keystroke itself Some tips… Sort by category Pay special attention to the ‘Code Editor’ and ‘Other’ categories Mind the conflicts when you change the defaults Be nice – share! You can save your new mappings with your co-workers using the Export and Import buttons Click on ‘More Actions’ to expose the Import and Export buttons When I get ‘bored’ or if I think I might be missing something, I peruse the Code Editor and Other categories, again! I’ve picked up quite a few cool editor tricks here. Then I blog about them, like they’re ‘magic.’ #EvilLaugh But the main tip is this – don’t let your previously memorized keyboard shortcuts SHORTCUT your usage of SQL Developer. If your fingers have already memorized some keystrokes, just re-program SQL Developer to match! What’s your favorite shortcut? I’ll use the most popular shortcut mentioned in the comments to round out my Top 10 list above!

    Read the article

  • VS2008 adding SQL Server Database (SQL Server 2008 Mgmt Studio) not working

    - by Kahn
    I'm trying to practice using the ASP.Net MVC at home, but I ran into an impossible problem. I cannot open a connection to SQL Server 2008, I get this error: "Connections to SQL Server files (*.mdf) require SQL Server Express 2005 to function properly. ..." I've googled around for numerous responses, none of them either working or addressing this issue. I'm running Vista 32bit, my SQL Server 2008 Mgmt Studio is also 32bit, I have SP1 installed both on VS2008 Professional, as well as the SQL Server. I changed the machine.config connectionStrings from ./SQLExpress to my SQL Server 2008 name. Now if I connect manually through web.config, in an asp:datasource or code-behind, everything works fine. But for some reason trying to add a DB Connection directly like this always gets the error. This is pretty fatal, since I can't rightly do much unless I can use LINQ to SQL with my MVC test project, and this is the only way I know how. Worked fine in school and work, but not at home. Installing SQL Server Express 2005, as some have suggested, is not an option. Obviously it HAS to work with SQL Server 2008. Thanks in advance.

    Read the article

  • SQL Server 2008 Service Pack 1 and the Invoke or BeginInvoke cannot be called error message

    - by Jeff Widmer
    When trying to install SQL Server 2008 Service Pack 1 to a SQL Server 2008 instance that is running on a virtual machine, the installer will start:   But then after about 20 seconds I receive the following error message: TITLE: SQL Server Setup failure. ----------------------------- SQL Server Setup has encountered the following error: Invoke or BeginInvoke cannot be called on a control until the window handle has been created. ------------------------------ BUTTONS: OK ------------------------------ Searching for this issue I found that several people have the same problem and there is no clear solution.  Some had success with closing windows or Internet Explorer but that didn’t work for me; what did work is to make sure the SQL Server 2008 “Please wait while SQL Server 2008 Setup processes the current operation.” dialog is selected and has the focus when it first shows up.  Selected (with the current focus) it looks like this:   Without focus the dialog looks like this: Add a comment if you find out any information about how to consistently get around this issue or why it is happening in the first place.

    Read the article

  • Is their a definitive list for the differences between the current version of SQL Azure and SQL Serv

    - by Aim Kai
    I am a relative newbie when it comes to SQL Azure!! I was wondering if there was a definitive list somewhere regarding what is and is not supported by SQL Azure in regards to SQL Server 2008? I have had a look through google but I've noticed some of the blog posts are missing things which I have found through my own testing: For example, quite a lot is summarised in this blog entry http://www.keepitsimpleandfast.com/2009/12/main-differences-between-sql-azure-and.html Common Language Runtime (CLR) Database file placement Database mirroring Distributed queries Distributed transactions Filegroup management Global temporary tables Spatial data and indexes SQL Server configuration options SQL Server Service Broker System tables Trace Flags which is a repeat of the MSDN page http://msdn.microsoft.com/en-us/library/ff394115.aspx I've noticed from my own testing that the following seem to have issues when migrating from SQL Server 2008 to the Azure: XML Types (the msdn does mention large custom types - I guess it may include this?? even if the data schema is really small?) Multi-part views I've been using SQL Azure Migration Wizard v3.1.8 to migrate local databases into the cloud. I was wondering if anyone could point to a list or give me any information till when these features are likely to be included in SQL Azure.

    Read the article

  • Best Resources for learning SQL? [closed]

    - by Simon
    Possible Duplicate: Good Books and videos for absolute beginner to SQL I have landed a role as a product engineer for a web based product. A big part of the product is allowing its users the ability to create queries with SQL to pull in business information from their back end databases. I know the very basics of SQL and need to spend some time getting a better grasp on SQL. I have the tutorial from w3schools on my ToDo list, but was hoping to get some answers that point me to good resources for learning SQL. I have no preference - I can buy a book (SQL For Dummies?), or online resources, online videos, audio, etc.

    Read the article

  • Error when trying to open SQL Maintenance Plan - SSMS 2008

    - by alex
    If I open SSMS on my client machine, connect to our SQL server, and try and open a maintenance plan on there, I get this error: TITLE: Microsoft SQL Server Management Studio Could not load file or assembly 'msddsp, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified. (Microsoft.DataTransformationServices.Design) ------------------------------ BUTTONS: OK If i try the same thing directly on the server, nothing happens (no errors or anything)

    Read the article

  • SQL Server installation leaves odd hotfix folders on the root

    - by Nick
    I have about a dozen weirdly named folders, for example 5e812807b3e1b04248ed046794a01b, on my d: drive after installing SQL Server 2008. Inside each folder are two subfolders: 1033 and hotfixexpress \1033\eula.txt \1033\finalsql2005information.rtf \1033\hotfix.rll \1033\sqlhotfix.chm \1033\sqlse.rll \hotfixexpress\files\sqlexpr.exe I get access denied whenever I try to delete any of these files / folders. I tried again after stopping all SQL server services, without luck. Any ideas?

    Read the article

  • SQL Server 2008 - "Enhanced read-ahead and scan"?

    - by Chris J
    Hi all, Can anyone point me to, or does anyone know what this "feature" of SQL Server is? Googling for it (also for "Super scan" which seems to be a synonym for the feature) reveals no information other than all the edition comparison pages that exist out there for SQL Server. I'm also not sure whether this is a stackoverflow or a serverfault question. I'll try here on serverfault first, but if folk think stackoverflow may be a better forum, drop me a comment to that effect - ta :-)

    Read the article

  • Don't see job schedule added by sp_add_jobschedule in SQL Mgmt UI

    - by Ariel
    I'm running a script like below on a SQL Server box and, even though it finishes correctly, then when, on SQL Mgmt UI, I right click on that job's properties, go to Schedules, I cannot see the schedule just added... what am I missing? (I'm using the right job_name param, etc) thanks! BEGIN TRY BEGIN TRAN EXEC msdb.dbo.sp_add_jobschedule @job_name = 'Job name', @name=N'Job schedule name', @enabled = 0, @freq_type=1, @active_start_date=20100525, @active_start_time=60000 COMMIT TRAN END TRY BEGIN CATCH SELECT ERROR_Message(), ERROR_Line(); ROLLBACK TRAN END CATCH

    Read the article

  • Run a script prior to start of SQL instance via Windows clusters

    - by Shahryar G. Hashemi
    Hi, We have a Windows 2008 cluster with several SQL 2008 instance. We would like to run a script that modifies 4 registry keys prior to the startup of SQL. I do not know if there is a way to have a script run through Windows 2008 clustering that does that. I have a VBS script to do it and tried to add a Generic Script to an existing cluster group, but it failed saying it could not be registered. Any ideas?

    Read the article

  • sql server 2005 for windows 7

    - by mohamed
    every time i try to install sql server 2005 on windows 7 it tells me error during installation error 1603 installing Microsoft sql server setup support file see log file file for more detailed information fatal error during the installation and setup terminates please advise me to fix this problem

    Read the article

  • SQL Agent Command Line Not Saved

    - by Greg_the_Ant
    I have a SSIS package I am trying to schedule. I create a new job under SQL Server Agent. On the Command line tab of the jobstep, I choose "Edit the command-line manually". The changes are retained as I switch from tab to tab within the job step but whenever I exit and save the job, the changes are lost. Any ideas what's going on? I'm on SQL Server 2008.

    Read the article

  • Don't see job schedule in SQL Mgmt UI added by sp_add_jobschedule

    - by Ariel
    I'm running a script like below on a SQL Server box and, even though it finishes correctly, then when, on SQL Mgmt UI, I right click on that job's properties, go to Schedules, I cannot see the schedule just added... what am I missing? (I'm using the right job_name param, etc) thanks! BEGIN TRY BEGIN TRAN EXEC msdb.dbo.sp_add_jobschedule @job_name = 'Job name', @name=N'Job schedule name', @enabled = 0, @freq_type=1, @active_start_date=20100525, @active_start_time=60000 COMMIT TRAN END TRY BEGIN CATCH SELECT ERROR_Message(), ERROR_Line(); ROLLBACK TRAN END CATCH

    Read the article

  • Resources for SQL Server programming?

    - by Undh
    I have tried to search from the web resources for SQL Server programming. Basically I'm trying to search good tutorial for programming SQL Server (creating procedures, triggers, cursors etc.). Can you give some helping hand and show some links for good tutorials?

    Read the article

  • Tracking SQL Server 2008 Timeout Errors

    - by SDReyes
    we got some connections timeouts running a stored procedure in a SQL Server 2008 instance. after a while, the DB started to work as usual, and there weren't any additional timeout errors. So I'm trying to get additional info about the error. Does SQL server 2008 have any kind of error log that I can look into? Do exist any auditing/logging features that I can activate to trace the error (if it happens again)?

    Read the article

  • SQL Server without Powershell

    - by rwallace
    I'm trying to install SQL Server 2008 Express Edition, and it's demanding Windows Powershell and refusing to proceed with the installation. Is there any way to get it to install without Powershell? (The reason I'm asking is not so much for myself personally as to reduce the number of headaches through which I'm going to have to drag other people when I tell them my program needs SQL Server.)

    Read the article

< Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73  | Next Page >