Uncategorized

Keynote Today: SQL [Server] Injection Specific Techniques to Fight…

by Ben Taylor

Keynote Today: SQL [Server] Injection
Today’s keynote features code you can use, web pages to swallow "500" errors and full tips on working to beat injection.
[Hope to see you there]

Project Estimation Tales, Part… well, Part .Next.
Chuck: "This all sounds way too familiar and troubling, especially those requests for estimates that are from Product Mgmt. Here we have a thing called a SWAG request. It sounds formal, but, when I asked what it meant, was told "silly wild-a** guess". I must have missed that class when I was in school."

KJ: "I deal with this issue in a straightforward way that seems to work well. And I have "worked" this tactic both as a provider of IT development services and as a purchaser.

1:Fixed bids only for all work.

2:Comprehensive specifications are required as the basis for the fixed bids.

3:Specifications must include both functional and non-functional requirements.

4:Any changes to specifications for deliverables after fixed bid agreement is reached, to be estimated themselves as "change orders"
also to be contracted using a fixed bid, and again, based on comprehensive specifications for the change from the original spec.

5:The IT vendor foots the bill for work effort required for creating the fixed bid, and verifying that the specifications are satisfactory for the vendor to produce the bid.

If the purchaser cannot provide comprehensive specifications satisfactory for development of a fixed bid, consultation and assistance can be provided on a time and materials basis for generation and/or enhancement of the specs.

The above is the concept in use as a standard in the large scale construction industry for many decades and although there is rarely the perfect original spec that never requires a change order, is a proven industry standard.

If it’s good enough for building roads, bridges, homes, buildings, etc. it should be good enough for a software development effort.

What idiot builder would consider bidding on, or accepting a non-trivial construction project, and what idiot contractors would actually attempt to build building, without the BLUEPRINT?"

*Indeed*.

Featured White Paper(s)
SQL Server 2008: What to Expect
Microsoft SQL Server 2008 has many great new features that will allow you to develop higher performing, more scalable next-ge… (read more)

SQL Server Virtualization Management
Virtualization is becoming the popular practice in many environments, allowing organizations of all sizes to utilize resource… (read more)

Author: Ben TaylorBen is a Relational Database veteran starting in the early eighties on DEC Vax database systems such as Bloom and Harvest. He has specialized in SQL engines for more than two decades, with a primary focus on Microsoft SQL Server. Ben has worked with small and large databases for both OLAP and OLTP working on systems for many industries such as Medical (Medical Claims and Eligibility Warehouse, HMO Provider Management, Enrollment), Financial (credit card processing, mortgage, stock portfolio management), Manufacturing (Assembly Line and Product Assemblies), Sales, Auto Auctions and more.