SecurityRatty: tag: query

Designing SQL Server non-clustered indexes for query optimization

2008-02-14 13:06:47 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice

Non-clustered indexes improve SQL Server query performance by focusing queries on a subset of data. In this tip, you'll find guidelines for designing non-clustered indexes, including choosing index fields, when a clustered index should be used instead of a compound index and how statistics influence non-clustered indexes

Tags: index, compound index, indexes, index fields, statistics influence, data, queries, tip, guidelines

SQL Server query to import database names

2008-02-22 15:11:16 by Abbey M. Weintraub in WhatIs: Enterprise IT tips and expert advice

Discover a query that will import all database names into your SQL Server

Tags: sql server, database names, query, import, discover

How to maintain SQL Server indexes for query optimization

2008-03-19 11:33:36 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice

Maintain your SQL Server indexes with these techniques for page splits, table partitions, statistics updates and for limiting fragmented indexes. You'll also learn why query optimizer might choose to ignore your non-clustered index and instead opt for a table scan

Tags: sql server indexes, indexes, query optimizer, maintain, page splits, table partitions, table scan, statistics, opt

Massive Coordinated Patch Effort To DNS System Flaw

2008-07-08 17:56:25 by Editor in Cheap Hack

...query IDs VU#927905 - BIND version 8 generates cryptographically weak DNS query identifiers The advisory lists 101 DNS servers, their status and the date of their last update. For the large majority of the servers the status is "Unknown," but several important ones are listed as Vulnerable and all of these were patched either today or late...

Tags: microsoft monthly patches, microsoft, dns servers, isc bind, isc, servers, attacks, internet systems consortium, status

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog

...query parameters is vulnerable to reflected XSS. With a vulnerable application, an attacker can craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session The...

Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle

...query of the NVD with "Vendor=Microsoft", "Start Date= January 2007", and "End Date=December 2007" returns 254 matches. A query of NVD without selecting any vendor, and choosing "Start Date= January 2007", and "End Date=December 2007" returns 6532 matches. If my math is correct, that states that Microsoft was responsible for 3.8885 percent of...

Tags: sdl team, team, sdl, sdl blog crew, cve, cve vulnerabilities, microsoft, single prediction, microsoft products

Simplify queries with SQL Server 2005 common table expressions (CTEs)

2008-02-15 12:03:37 by Abbey M. Weintraub in WhatIs: Enterprise IT tips and expert advice

Common table expressions (CTEs) are a handy alternative to using derived tables and views in SQL Server 2005 for retrieving data. There's no need to repeat complex code because CTEs separate code into unique units and they're self-referencing within your query. Here's a CTE how-to with examples, including details for one of its most valuable...

Tags: common table expressions, ctes, repeat complex code, code, sql server, recursive query, query, unique units, cte how-to

Oklahoma Department of Corrections SQL exposure

2008-04-21 11:23:45 by Evan Francen in The Breach Blog

...query as a parameter Fortunately, he didn't accuse me of hacking their site. In fact, he seemed appreciative and promised to pass the details along to their developers The following day, both the SVOR and Offender Search were taken down "for routine maintenance However, when the sites came back up, I noticed that that the "print-friendly...

Tags: social security, oklahoma, sql, residents, oklahoma residents, bad, bad news, department, sql query

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle

...query through the application. This vulnerability allows for unauthorized, interactive, logon to a SQL server which may result in the execution of malicious commands leading to the possible modification (or deletion) of Operating System or user data Combining the use of parameterized queries and stored procedures helps to mitigate the risk of...

Tags: sql, sql injection bug, sql injection requirements, sql injection attack, sql server, sql execute-only permission, malicious sql payload, sql injection, sql injection vulnerability

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo