Microsoft has published the SQL Server 2008 System Views Poster. This should be a must-have poster for any SQL Server developer. I have this poster on my wall. If you have an extra copy of this poster in print, do send it to me and I will forward it to developers who are very good but cannot afford to get this poster printed on glossy pages.
The Microsoft SQL Server 2008 System Views Map shows the key system views included in SQL Server 2008, and the relationships between them. The map is similar to the Microsoft SQL Server 2005 version and includes updates for the new and updated Microsoft SQL Server 2008 features such as Resource Governor, Extended Events, full-text search, and others.
This is a must-have poster for every Database Developer and Database Administrator.
[Download is removed as new version of SQL Server is released]
I just came across a very interesting article from the SANS Institute. Experts from more than 30 US and international cyber security organizations have released a list of the 25 most dangerous programming errors and their resolutions. It is possible that many programmers do not understand what these errors are or how to implement their solutions. As said, these are the 25 most dangerous errors, and all developers should at least know what they are so that they are prevented at the origin. Here are four major advantages listed by SANS.
Software buyers will be able to buy much safer software.
Programmers will have tools that consistently measure the security of the software they are writing.
Colleges will be able to teach secure coding more confidently.
Employers will be able to ensure they have programmers who can write more secure code.
Following is the list of the 25 most dangerous programming errors.
CATEGORY: Insecure Interaction Between Components
CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-362: Race Condition
CWE-209: Error Message Information Leak
CATEGORY: Risky Resource Management
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation
CATEGORY: Porous Defenses
CWE-285: Improper Access Control (Authorization)
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security
Please go to the SANS site and click on each error to find its resolution.
The year 2008 was a great year for me. I got plenty of requests from readers asking for the Top 10 or Top 5 articles of the year 2008. I am including the Top 5 Articles of Year 2008 in two different categories. The first is my blog SQLAuthority.com and the other is my home page pinaldave.com.
TOP 5 Articles at SQLAuthority.com
This section has six links, as the very first link is repeated in the top 5 pages at pinaldave.com.
While developing, my developers often need to know which IP address the local network has when seen from outside. I am working in a large outsourcing company and we have a local intranet setup. When connecting to remote servers from a local system, or from remote servers to a local system, we always want to know our live IP address.
Previously we have used many different methods to find our live IP, but nothing was reliable. External services often go down or provide incorrect information. I have added a new feature to my site where any user can visit the page and find out their outgoing IP address.
SQL Server MVP and my very good friend Jacob Sebastian has written two wonderful articles about SQL Server and XML. I encourage anybody who is interested in learning SQL and XML to read these two articles.
I have previously written an article about creating a delimited string using COALESCE and no XML, but as per a telephone conversation with Jacob, COALESCE is only good for one column whereas XML can do much more magic.
Jacob has already explained the articles in detail, so I suggest reading them carefully and digesting them. If you are not big on XML, you do not have to spend time learning XML. Just take the XML script and use it for your needs.
If you are wondering what the two articles do, here is a simple explanation. The first article explains how to convert Sample 1 to Sample 2 and the later one explains how to convert Sample 2 to Sample 1. Sample 1:
/*
CompanyID   CompanyCode
----------- -----------
1           1
1           2
2           1
2           2
2           3
2           4
3           1
3           2
*/
I am glad to inform all the blog readers about the new updated banner of this site. I would like to thank Ritesh, Sanjay and Rashmika, who have spent their time to create the banner and gift it to SQLAuthority.
I really liked the new banner and I think it goes better with the theme of this site. Let me know what your opinion is about the new banner.
I came across two interesting web pages and I really thought they had very good articles. I would like to share them with my blog readers today. I am just listing the abstracts here. Please read the original articles; they are much more interesting and enjoyable.
Readers, if you find any interesting site like this, let me know and I will write about it.
Don’t just implement the first design you come up with, but try to refine it by looking at it from different angles before you start writing code. Don’t just release the first piece of code you come up with, but do a self review and try to make it clearer and better. The best developers/architects are the ones that always criticized their own work in order to make it better.
I have listed a few important links of SQLAuthority.com. I still receive some repeated questions. I do my best to respond to all of my readers; however, most of the time I am sending them a link to one of my previously written articles. Many times most of the answers can be found right away by searching this blog. I have created a special search engine, which exclusively searches this blog.
Finding a good database developer job is very hard and finding a good database developer is even harder. For the same reason I have attempted to create a job site only for SQL Server – http://jobs.sqlauthority.com where database-related jobs can be posted by employees and found by candidates.
I have written more than 500 SQL Server related articles so far. I keep a list of all the articles so I can refer to them again when I want to. You can read all of my articles here – SQLAuthority All Articles. I also have some of my favorite articles listed here. I refer to them quite frequently. Read SQLAuthority Best Articles.