Did you change the “sa” password recently? As a DBA, you should be aware that there is a great security risk linked to the sa account. You should always use a strong password for this account and change the password frequently.
You can easily check when the “sa” password was last changed in SQL Server 2005 by executing the following T-SQL code:
SELECT LOGINPROPERTY ('sa', 'PasswordLastSetTime')
The LOGINPROPERTY function returns a range of information about a login's properties and the password policy settings that apply to it.
Another thing you can do with this function is to look for security attacks. For example, if you want to look for a brute-force or dictionary attack on the “sa” account, you can use the following query:
SELECT LOGINPROPERTY ('sa', 'BadPasswordCount')
This will return the number of consecutive failed attempts to log in since the last successful login. If this number goes over a certain threshold, you can easily see that something might be wrong.
Here is the complete list of properties you can query for using the LoginProperty function:
- BadPasswordCount: Returns the number of consecutive attempts to log in with an incorrect password.
- BadPasswordTime: Returns the time of the last attempt to log in with an incorrect password.
- DaysUntilExpiration: Returns the number of days until the password expires.
- DefaultDatabase: Returns the SQL Server login default database as stored in metadata or master if no database is specified. Returns NULL for non-SQL Server provisioned users; for example, Windows authenticated users.
- DefaultLanguage: Returns the login default language as stored in metadata. Returns NULL for non-SQL Server provisioned users, for example, Windows authenticated users.
- HistoryLength: Returns the length of time the login has been tracked using the password-policy enforcement mechanism.
- IsExpired: Returns information that will indicate whether the login has expired.
- IsLocked: Returns information that will indicate whether the login is locked.
- IsMustChange: Returns information that will indicate whether the login must change its password the next time it connects.
- LockoutTime: Returns the date when the SQL Server login was locked out because it had exceeded the permitted number of failed login attempts.
- PasswordHash: Returns the hash of the password.
- PasswordLastSetTime: Returns the date when the current password was set.
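The same checks can be run across every SQL Server-authenticated login instead of one account at a time. The query below is an added example, not part of the original post; it reads the logins from the sys.sql_logins catalog view, and the two thresholds are assumed values.

```sql
-- Added example, not from the original post. Both thresholds are assumed
-- values; set them to match your own lockout and rotation policy.
DECLARE @MaxBadPasswords int, @MaxPasswordAgeDays int;
SET @MaxBadPasswords    = 5;
SET @MaxPasswordAgeDays = 90;

WITH login_state AS (
    SELECT
        l.name,
        l.is_disabled,
        l.is_policy_checked,   -- 0 = CHECK_POLICY is OFF for this login
        CAST(LOGINPROPERTY(l.name, 'BadPasswordCount')    AS int)      AS bad_password_count,
        CAST(LOGINPROPERTY(l.name, 'BadPasswordTime')     AS datetime) AS bad_password_time,
        CAST(LOGINPROPERTY(l.name, 'IsLocked')            AS int)      AS is_locked,
        CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime) AS password_last_set
    FROM sys.sql_logins AS l   -- SQL Server-authenticated logins only
)
SELECT
    name, is_disabled, is_policy_checked,
    bad_password_count, bad_password_time, is_locked, password_last_set,
    DATEDIFF(day, password_last_set, GETDATE()) AS password_age_days,
    -- First matching condition wins; the WHERE clause guarantees one applies.
    CASE
        WHEN is_locked = 1 THEN 'locked out'
        WHEN bad_password_count >= @MaxBadPasswords THEN 'repeated failed logins'
        WHEN is_policy_checked = 0 THEN 'password policy not enforced'
        ELSE 'password overdue for rotation'
    END AS finding
FROM login_state
WHERE is_locked = 1
   OR bad_password_count >= @MaxBadPasswords
   OR is_policy_checked = 0
   OR DATEDIFF(day, password_last_set, GETDATE()) > @MaxPasswordAgeDays
ORDER BY bad_password_count DESC, name;
```

Scheduling this as a job and alerting on any returned row gives a simple early warning for password guessing against SQL logins.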
It’s stunning to see how many websites are still vulnerable to SQL Injection attacks. Many SQL Injection worms are circulating right now and are dropping malicious code in thousands of databases. Even major sites are vulnerable to this type of attack. BusinessWeek, the world-class magazine, was a victim of this kind of attack last September.
From the article at Net-Security:
Folks from Sophos have discovered that the website of BusinessWeek, the world famous weekly magazine, has been attacked by hackers in an attempt to infect its readership with malware.
Hundreds of webpages in a section of BusinessWeek’s website which offers information about where MBA students might find future employers have been affected. According to Sophos, hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site's underlying database - to pepper pages with code that tries to download malware from a Russian web server.
At the time of writing, the code injected into BusinessWeek’s website points to a Russian website that is currently down and not delivering further malicious code. However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site.
This goes to show you that, if you are the developer of an internet-facing website (or an intranet for that matter), you need to commit yourself to enhancing its security against these kinds of threats. Everyone should adopt secure coding practices as there is no site that will be spared. More and more we will see automated SQL Injection attacks using crawlers, worms and bots and.
As a follow-up on my post on Bizspark, Microsoft’s initiative to provide startups with free versions of their software, here is DreamSpark.
Basically, DreamSpark is the same thing as Bizspark but aimed at students all over the world. DreamSpark is simple: it's all about giving students Microsoft professional-level developer and design tools at no charge. DreamSpark enables students to download and use Microsoft developer, designer, gaming tools, Windows Server 2008 and more. In order to access the software available on DreamSpark, students only need to verify their student status once every 12 months.
The full list of software that is available for free on DreamSpark’s site is:
- Visual Studio 2008 Professional Edition
- Visual Studio 2005 Professional Edition
- Expression Studio 2 (includes Web, Blend, Media and Design)
- SQL Server 2008 Developer Edition
- Windows Server 2008 Standard Edition
- IT Academy Student Pass
- Robotics Developers Studio 2008
- SQL Server 2008 Express Edition
- Visual Studio 2008 Express Edition
- XNA Game Studio 2.0 (with 12-month Creators Club Student trial membership)
- Virtual PC 2007
The Microsoft developer, designer and gaming tools available on DreamSpark are NOT 30-day trial versions; they’re the complete and full professional grade versions.
There is a little problem, however. If you’re living in Canada like me (and probably in other places too), not every university is participating in this program. Here is the list of the Canadian universities that are participating as of today:
So, if you’re Canadian and not a student of one of these universities, you can’t benefit from this program right now. However, I’m sure that Microsoft is working on integrating more universities into their program.
If you want to have your university added to this program, or if you are an administrator of a university that isn’t currently on Microsoft’s list, go to this page to get more information about enrolling.
Here is my list of some great file hosting sites that make uploading and sharing files really simple.
You are welcome to share if you know more free file hosting services which our readers/viewers may like.
MediaFire - Free File Hosting
With the free account, you get unlimited :
The only downside to this service is the 100Mb file size limit for the free account. The file size limit for the pro account is 10Gb.
File Savr - Free File Hosting
FileSavr.com makes file hosting easier with Web 2.0 technology and the use of Ajax and Flash. FileSavr has 10 GB upload size limit, currently the largest available on the internet. This allows users the flexibility to upload any large file of 10 GB or less.
File Factory - free and simple file hosting service
FileFactory lets you host files up to 300MB for free. You don’t have to register and there is nothing to download. Your files can be downloaded an unlimited number of times! One thing I found very annoying and spammy about FileFactory was the number of ads they have on the page.
FileDen - Free file hosting and online storage
With File Den’s free file hosting and online storage service it’s easy to share files across the internet with friends, family, work associates or anyone else. They allow users to link directly to their files, also giving you the opportunity to embed your files into your webpages, MySpace or other social networking profiles.
Fileqube - Free Online Storage
Fileqube has an eye-pleasing design that shows its intentions well. When you upload a personal file it gives you a download link, a link to remove the file, and embed code to drop your file’s link on a website. The only downside is the 150MB file size, which is rather small in comparison with some of the other sites.
File Dropper - Free File Hosting for MP3, Videos, Documents
FileDropper’s beauty is in its simplicity. It has one click file hosting where you simply click on the upload button and select your file. After the file is uploaded you are taken to the page where the file is hosted. If the file is an image, it shows the image directly on the page for easier sharing. Upload size is an impressive 5 GB.
My personal favourites taken from 101 Ways To Know Your Software Project Is Doomed.
- Developers use the excuse of “self documenting code” for no comments
- All of your requirements are written on a used cocktail napkin
- Progress is now measured by the number of fixed bugs and not completed features
- Your source code control system is a series of folders on a shared drive
- Your lead web developer defines AJAX as a cleaning product
- Developers are not responsible for any testing
- All code reviews are scheduled a week before product launch
- Every bug is prioritized as Critical
- Every feature is prioritized as Trivial
- The night shift at Starbucks knows you by name
- To reward you for all of your overtime your boss purchases a new coffee maker
- The lead web developer thinks the X in XHTML means ‘extreme’
- Every team meeting starts with “Do you want the good news or the bad news…”
The sad part is how many of these actually ring true for real projects in real organizations.
For my own reference, and yours, here's a complete overview of everything possible with a mailto link.
There are a couple of variables you can use in the queryString. As with any other URL, you use the ? to add the query parameters and the & to separate each parameter, which are in the form param=value
Here are the variables you can use in these mailto links:
- to: to set the recipient, or recipients, separate with comma
- cc: to set the CC recipient(s)
- bcc: to set the BCC recipient(s)
- subject: to set the email subject, URL encode for longer sentences, so replace spaces with %20, etc.
- body: to set the body of the message, you can add entire sentences here, including line breaks. Line breaks should be converted to %0A
Some mailto examples
Simple mailto link:
<a href="mailto:firstname.lastname@example.org">mail link</a>
mailto link with subject:
<a href="mailto:email@example.com?subject=email%20subject">mail link</a>
mailto link with multiple recipients:
<a href="mailto:firstname.lastname@example.org,email@example.com">mail link</a>
mailto link with a CC:
<a href="mailto:firstname.lastname@example.org?cc=email@example.com">mail link</a>
mailto with message body already started:
<a href="mailto:firstname.lastname@example.org?body=these%20mailto%20links%20are%20cool">mail link</a>
mailto with 3 lines of message body:
<a href="mailto:email@example.com?body=these%20mailto%0Alinks%20are%0Acool">mail link</a>
mailto with 3 lines of message body and a BCC:
<a href="mailto:firstname.lastname@example.org?bcc=email@example.com&body=these%20mailto%0Alinks%20are%0Acool">mail link</a>
As you can see, you can add as many of these as you want and stack them on top of each other. On top of that, for the code to be valid HTML, you will have to replace every
Microsoft is launching a new program focused on helping Startups get up and running. The program is called BizSpark and according to Microsoft, the biggest benefits are
- Software. Receive fast and easy access to current full-featured Microsoft development tools, platform technologies, and production licenses of server products for immediate use in developing and bringing to market innovative and interoperable solutions. There is no upfront cost to enroll.
- Support. Get connected to Network Partners around the world — incubators, investors, advisors, government agencies and hosters — that are equally involved and vested in software-fueled innovation and entrepreneurship who will provide a wide range of support resources
- Visibility. Achieve global visibility to an audience of potential investors, clients and partners
Basically, you enroll and are given access to almost all the necessary server and development software you need. The server licenses are even production grade, so you can deploy (from what I can tell) cheaply. You are getting a high-end MSDN subscription and a lot more, all for free.
There are some important differences between temporary tables:
create table #T (…)
And table variables:
declare @T table (…)
Temporary tables:
- They are created using the “Create table” syntax, preceding the table name with a ‘#’ for a local temp table and ‘##’ for a global temp table.
- They are allocated storage space within the TempDB database and entered into the TempDB system tables.
- The table’s actual name is the name it was created with, followed by a large number of underscores and a hash value, to prevent object name collisions if two connections create a temp table with the same name.
- Can have a primary key, defaults, constraints and indexes (however the names of these are not hashed, possibly leading to duplicate object errors for constraints and defaults).
- Can’t have triggers.
- Foreign keys are permitted, but are not enforced.
- Have column statistics kept on them. The algorithm for determining when to update is different to permanent tables.
- Exist until they are dropped, or the connection closes.
- Are visible in any child procedures called from the one where the table was created. Are not visible to parent procedures.
Table variables:
- Created with a Declare statement, prefixing the table name with ‘@’, like all other variables.
- Allocated storage space within the TempDB database and entered into the TempDB system tables.
- The table variable’s name within TempDB starts with a #, followed by a hex string.
- Can have a primary key and defaults. May not have constraints or indexes.
- Can’t have triggers or foreign keys.
- Do not have column statistics maintained on them.
- Exist only while they are in scope, as any other variable, and are automatically dropped when they go out of scope.
- Are not visible in any procedures other than the one they were created in.
- Do not take part in transactions. Data modification done to a table variable within a transaction will remain if the transaction is rolled back.
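The transaction difference in the last point is the one most often put to use: rows written to a table variable can carry an error record past a rollback. The script below is an added example, not code from the original post; the table names, columns and the duplicate-key failure are constructed for illustration.

```sql
-- Added example, not from the original post. #staging, @audit and the
-- duplicate-key failure are constructed for illustration.
CREATE TABLE #staging (id int PRIMARY KEY, payload varchar(50));
DECLARE @audit TABLE (step varchar(30), detail nvarchar(4000), logged_at datetime);

BEGIN TRY
    BEGIN TRANSACTION;

    INSERT INTO #staging (id, payload) VALUES (1, 'first row');
    INSERT INTO @audit (step, detail, logged_at)
        VALUES ('insert', 'row 1 staged', GETDATE());

    -- Constructed failure: the duplicate primary key sends control to CATCH.
    INSERT INTO #staging (id, payload) VALUES (1, 'duplicate key');

    COMMIT TRANSACTION;
END TRY
BEGIN CATCH
    -- Record the error before rolling back; the table variable does not
    -- take part in the transaction, so this row is kept.
    INSERT INTO @audit (step, detail, logged_at)
        VALUES ('error', ERROR_MESSAGE(), GETDATE());

    IF @@TRANCOUNT > 0
        ROLLBACK TRANSACTION;
END CATCH;

-- Compare what each object still holds after the rollback.
SELECT 'temp table' AS source, COUNT(*) AS rows_left FROM #staging
UNION ALL
SELECT 'table variable', COUNT(*) FROM @audit;

-- The surviving audit trail can now be written to a permanent log table.
SELECT step, detail, logged_at FROM @audit;

DROP TABLE #staging;
```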
Aside from those differences, you’ll ask me which one will give the best performance. Well, like a lot of things in the SQL world, it depends.
I would say first that, when in doubt, you should try both solutions as the fastest solution is not always the most obvious one.
Also, be sure to note these important points:
- Table variables are MUCH slower in SQL Server 2005 in comparison to SQL Server 2000 (I don’t know for 2008).
- Creating a primary key or a clustered index on a temporary table is useful only for large datasets (I would say above 50k records). It has no significant impact on small sets of data. In fact, it can lower your execution performance if you’re using stored procedures, as creating a clustered index forces the recompilation of the stored procedure, which can take more resources than the original query.