|
The SQL Programming Language : Complex Queries and Join Queries (part 1) |
In a correctly designed database, for every kind of entity there is a separate table, and the information about one instance of the entity is stored in a row of the table. The information in a database consists of both the information stored in individual tables and the relationships between entries in different tables. |
|
|
|
|
SQL Server : Reporting Services - Report Server Architecture |
Reporting Services combines a mix of Microsoft technologies to create a scalable server-based reporting architecture. You can view this as a middle-tier server in your enterprise planning scenarios. It is one part Web server and one part database server, with a dash of .NET managed code to bring all the pieces together |
|
|
Automating Blind SQL Injection Exploitation |
The techniques we've discussed in this article regarding blind SQL injection enable the extraction and retrieval of database contents in a highly automated manner using either inference techniques or alternative channels. |
|
Blind SQL Injection Exploitation : Using Alternative Channels |
We will discuss four separate alternative channels for blind SQL injection: database connections, DNS, e-mail, and HTTP. The basic idea is to package the results of an SQL query in such a way that they can be carried back to the attacker using one of the three alternative channels. |
|
Blind SQL Injection Exploitation : Using Response-Based Techniques |
Just as we used request timing to infer information about a particular byte, we can also infer state by carefully examining all data in the response, including content and headers. You can infer state either by the text contained in the response or by forcing errors when particular values are under examination. |
|
|
Registering CLR Assemblies for Use with SQL Server |
Assemblies are physical units of deployment that contain managed code. This managed code can be called by CLR stored procedures, CLR functions, CLR triggers, CLR user-defined aggregates, and CLR user-defined data types. Assemblies are stored externally from SQL Server and thus can be used by other applications. |
|
|
|
|
|
The SQL Server 2008 Configuration Manager |
In SQL Server 2005, The Surface Area Configuration Tool was used to manage SQL Server features such as Database mail and xp_cmdshell. In SQL Server 2008, the Surface Area Configuration Tool no longer exists |
|
SQL Server 2008 : Managing Security - Auditing |
Available in SQL Server 2008 Enterprise, automatic auditing can be set up by using SQL Server Audit. The Audit object can capture activity in the database server and save it to a log. Audit information can be stored in a File, Windows Application Log, or Windows Security Log. |
|
Cloud Application Architectures : Database Management |
The trickiest part of managing a cloud infrastructure is the management of your persistent data. Persistent data is essentially any data that needs to survive the destruction of your cloud environment. Because you can easily reconstruct your operating system, software, and simple configuration files, they do not qualify as persistent data. Only the data that cannot be reconstituted qualify. |
|
SQL Server 2005 : Transactions and Exceptions |
No discussion of exceptions in SQL Server can be complete without mentioning the interplay between transactions and exceptions. This is a fairly simple area, but one that often confuses developers who don't quite understand the role that transactions play. |
|
SQL Server 2005 : Exception Handling |
Understanding when, why, and how SQL Server throws exceptions is great, but the real goal is to actually do something when an exception occurs. Exception handling refers to the ability to catch an exception when it occurs, rather than simply letting it bubble up to the next level of scope. |
|
SQL Server 2005 : How Exceptions Work in SQL Server |
The first step in understanding how to handle errors and exceptions in SQL Server is to take a look at how the server itself deals with error conditions. Unlike many other programming languages, SQL Server has an exception model that involves different behaviors for different types of exceptions. |
|
|
Exploring the T-SQL Enhancements in SQL Server 2005 : TOP Enhancements |
In earlier versions of SQL Server, TOP allows you to limit the number of rows returned as a number or a percentage in SELECT queries. With SQL Server 2005, you can use TOP in DELETE, UPDATE, and INSERT queries and can also specify the number of rows (or percent) by using variables or any valid numeric returning expression (such as a subquery). |
|
Blind SQL Injection Exploitation : Using Time-Based Techniques |
Now that we have covered a little background theory on both classes of techniques it is time to dig into the actual exploits. When covering the various methods for inferring data there was an explicit assumption that an inference mechanism existed that enabled us to use either a binary search method or a bit-by-bit method to retrieve the value of a byte |
|
Finding and Confirming Blind SQL Injection |
To exploit a blind SQL injection vulnerability you must first locate a potentially vulnerable point in the target application and verify that SQL injection is possible. |
|
|
SQL Server 2008 Instance Architecture |
When you fire up a SQL Server instance, two main areas are allocated: the code area and memory pool area. The code area is mostly static executable code of the SQL Server kernel; SQL Server .NET Library DLLs |
|
|
|
SQL Azure : Database Growth-Management Strategies |
When your data is on-premises, you can manage your SQL Server database's growth by adding more storage capacity. Typically, an on-premises storage area network is shared across multiple databases and applications, and it's only a matter of acquiring an extra block of storage from the company's storage-management team. Even though a cost is associated with the storage, you still have control over how you distribute your database growth. |
|
SQL Azure : Database-Migration Strategies |
The data definition refers to the design of your database schema, which may include storage-specific objects like tables, views, indexes, constraints, and so on. The data definition is tightly coupled to the type of data stored in the database to achieve optimal performance. |
|
SQL Server 2005 : Implementing Service Broker |
Service Broker is an inter-application messaging agent that provides queuing and messaging within a single instance of SQL Server or between multiple instances. Database applications can use Service Broker to utilize an asynchronous programming model. |
|
SQL Server 2005 : Importing and Exporting Data |
There are several ways of moving large amounts of data either within a single server or between servers. Importing and exporting tasks vary in SQL Server, and each task has an appropriate implementation. |
|
Understanding Snapshot Isolation |
The default transaction isolation level in SQL Server is READ COMMITTED, which prevents statements from reading data that has been modified by another transaction, but not committed. |
|
SQL Server 2008 : Programming Objects - Implementing Triggers |
A trigger is a T-SQL routine stored on the server that is executed automatically in response to an event within SQL Server. You can use triggers to evaluate data before or after a manipulation, to maintain data integrity, to control server operations and access, to audit a server, and to implement business logic. |
|
|
SQL Server 2008 Command-Line Utilities : The sqlservr Command-Line Utility |
The sqlservr executable is the program that runs when SQL Server is started. You can use the sqlservr executable to start SQL Server from a command prompt. When you do that, all the startup messages are displayed at the command prompt, and the command prompt session becomes dedicated to the execution of SQL Server. |
|
|
|