Editorials

Introduction to Windows Presentation Foundation

Featured Article(s)
Introduction to Windows Presentation Foundation
With a strong emphasis on declarative programming, Windows Presentation Foundation (WPF), formerly code-named "Avalon", stands out as one of the most popular components added to the new versions of the Microsoft .NET Framework for designing and developing applications with visually stunning, rich user interfaces. This is the first in a series of articles on Windows Presentation Foundation (WPF) that discusses the features and benefits of WPF and XAML.

Do You Deploy SQL Server Databases?
If so, you know that one of the biggest challenges can be synchronizing target databases with the latest updates you’ve made to support your applications. From schema changes to updates in data and such, it can be really challenging to address all of your target environments to bring them up to speed. This can be especially challenging if the target systems are mixed versions that you need to get on common footing. That’s where Packager Plus comes in – the software creates an executable application that can be intelligent about how it works with your systems. It keeps track of data, schema and other elements, then smartly figures out the things that need to change on the target system, automatically. Check it out – it could really be a huge time and stress saver for your next roll-out. More information here.

Top 25 Program Security Issues of 2008
This article was forwarded to me by a SSWUG reader today and it’s a fantastic article that, frankly, should probably be required reading for every DBA and developer out there. This article talks about the top 25 issues faced by application developers and admins in 2008.

On the list, of course, is SQL Injection – one of the top things we collectively face constantly. If you’re not yet up to speed on injection, just search on SSWUG and you’ll find all sorts of resources not only to understand it, but also to help address it on your own systems. Clearly this was one of the biggest issues for SSWUG readers in 2008. There really was only a handful of weeks that escaped without announcements of new injection attacks reported. New approaches, new techniques and new successes getting past "patch-type" approaches. It was great fun. Really.

Also on the list are some others that should stop and make you think a bit. One that I was surprised is still around and clearly prevalent (or it wouldn’t be on the list) is hard-coded passwords. This is one that warrants consideration in your work and that of the applications that work against your databases. If they’re coming in with application-level security, I could make a case for that being hard-coded (but accessible for changes), but I have seen far too many applications where the access at the user-level is also hard-coded. I’ve seen audit-oriented software like this – where you’re expected to know precisely where each and every change comes from. Not cool.

Check out the list – any surprises? Anything you’d add? Subtract? Email your thoughts here.

Featured White Paper(s)
Six Secrets to SQL Server Availability
Microsoft SQL Server has become the data management tool of choice for a wide range of business critical systems, from electr…