Stored Procedures are NOT evil… but they can be frustrating!
After a group of RDs started chatting about stored procedures I finally felt like I could join in. Often they talk about .Net and client stuff and well, quite honestly, I don’t care what you do with...
View ArticleSecurity Best Practices
Today Michele and I were chatting about Security. She’s focused a lot on it these days and is chatting with everyone about their best practices… I thought I’d mention a few important links/ideas here:...
View ArticleInstant Initialization – What, Why and How?
Instant Initialization is a new feature of SQL Server 2005 that is based on an NTFS feature that was added to Windows XP (and therefore is also available in Windows 2003 Server). It's a feature that's...
View Article“EXECUTE AS” and an important update your DDL Triggers (for auditing or...
DDL Triggers were a new feature of SQL Server 2005 and while seemingly simple, they are very powerful. DDL Triggers allow you to trap an attempted DDL operation to audit it, prevent it, or do anything...
View ArticleLooking for security vulnerabilities in database code
I've always been concerned with security and I've always stressed the importance of auditing the REAL user context not just the current user (see this post on EXECUTE AS and auditing). So, I generally...
View ArticleClik here to view.
Little Bobby Tables, SQL Injection and EXECUTE AS
OK, I know many of you have seen this before (an oldie, but a goodie!): (image from xkcd.com, with "copy and share" license described here: License) But, what can you do to prevent this? And, when...
View ArticleClik here to view.
EXEC and sp_executesql – how are they different?
In my last post: Little Bobby Tables, SQL Injection and EXECUTE AS, I wanted to highlight how to avoid SQL Injection when using EXEC. A few people brought up the point that I could have avoided SQL...
View ArticleMicrosoft eLearning Resources – Clinic 10259 (SQL 2008 DBIS)
When SQL Server 2008 was in beta, Paul and I worked on a project to create content that would "jumpstart" folks in learning and working with SQL Server 2008. We delivered these "new features" courses...
View ArticleMicrosoft eLearning Resources – Developer Content – 2008 & 2008 R2
In addition to the SQL Server 2008 Database Infrastructure and Scalability content that Paul and I delivered for SQL Server 2008, our colleague Bob Beachemin (blog) also delivered complementary...
View ArticleStatement execution and why you should use stored procedures
OK, so, this is where we're at… When a client application makes a request to SQL Server there are a few ways in which they can do it: Submit an adhoc transact-SQL statement This statement can be...
View Article
