(Erland Sommarskog) In the public forums for SQL Server, you often see people asking “How do I use arrays in SQL Server?” or “Why does SELECT * FROM tbl WHERE col IN (@list) not work?” The short answer to the first question is that SQL Server does not have arrays – SQL Server has tables. However, you ca
Author: SSWUG Research
Lock it down: Use the revised OWASP Top Ten to secure your Web applications — Part 2
(Tom Olzak) In this second installment in a series on the 2007 OWASP Top Ten vulnerabilities, we’ll look at the clear leader in the Web application vulnerability space — cross site scripting (XSS). XSS vulnerabilities have been around for some time. However, the business risk associated with XSS ex
Simplified Thread Synchronization in Windows Vista
(Nick Wienholt) A common coding pattern in multi-threaded development is having a number of worker threads wait to perform a task and having a manager or producer thread queue work items for them. To implement this pattern without resorting to the inefficient process of periodically polling the work
Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs
(Scott Guthrie) One of the questions I am often asked is “How can I integrate ASP.NET security with Classic ASP and other non-ASP.NET URLs?”. Specifically, people want to know if they can integrate ASP.NET’s Forms Authentication, Role Based Security, and URL Authorization features with Classic ASP, PHP
DB2 for Mainframes Gets Native XML with V9.1 Release
(Timothy Prickett Morgan) Having divulged its plans for the improvement of its three key operating system platforms for the mainframe, IBM this week completed the hat trick by getting the “Viper” edition of its database management system, sold as DB2 9.1, up and running on its mainframes. Like the V
When in doubt, XML’it ?
(Remediator) If the reader is unfamiliar with the format and application of XML, this blog entry will be meaningless. If however you are trying to convert out of an existing XML-based data warehouse implementation or dissuade a design team from embracing one before it’s too late – read on.
Ajax and XML: Five common Ajax patterns
(Jack D Herrington) Asynchronous JavaScript + XML (Ajax) was certainly the technology buzzword of 2006 and looks to do just as well or better in 2007. But what does it really mean for your application? And which common architectural patterns are used widely in Ajax applications? Discover five common
Gather query tuning data via Oracle’s dynamic performance views
(Bob Watkins) For several releases now, DBAs and developers have had access to three dynamic performance views—V$SQL, V$SQLAREA, and V$SQLTEXT—that can be used to collect statistics about the performance of their SQL statements. In Oracle 10g, Release 2, a fourth dynamic performance view—V$SQLSTATS—
Database security undermined by protocol loopholes, lax defenses
(Robert Westervelt) A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files. (R)
Streaming with LINQ to XML – Part 1
This is the first of a multi-post series on how to use LINQ to XML in scenarios that require streaming over a large input and/or output data source rather than loading a document into memory, processing it, and saving it. A considerable number of XML users are faced with a dilemma: they are asked to
