UK SQL Server User Group

Organiser

Chris Webb

my blog | hire me

SQLBlogCasts

Public Content

Microsoft 2005 KB's

FIX: A Deadlock occurs when two transactions try to perform a DML operation on a table that contains a TABLOCK locking hint or an XLOCK locking hint.
FIX: Heap corruption occurs when you use SQL Server Compact 3.5 Service Pack 2.
Cumulative Update 2 for SQL Server Compact 3.5 Service Pack 2.
You have to reinstall some drivers when you install SQL Server 2005.
FIX: ACCESS_VIOLATION error when you rebuild indexes online in Microsoft SQL Server 2005.
FIX: "SOS_Task::GetCurrent() == m_parentTask" assertion failure occurs when you run a backup and restore command in Microsoft SQL Server 2005 SP3.
FIX: An unresolved deadlock occurs when a database is recovered in Microsoft SQL Server 2005 SP3.
Cumulative update package 11 for SQL Server 2005 Service Pack 3.
FIX: An incorrect cardinality estimate is returned When you run a query in Microsoft SQL Server 2005, Microsoft SQL Server 2008, or Microsoft SQL Server 2008 R2.
FIX: "An SqlCeParameter with ParameterName '<Parameter Name>' is not contained by this SqlCeParameterCollection" error message when you use the .NET Compact Framework Data Provider for SQL Server Compact to access SQL Server Compact 3.5.
A SQL Server 2008 or SQL Server 2005 Analysis Services ROLAP query returns incorrect results.
Microsoft Advisory Services Engagement Scenario – Diagnose SQL Server Compact 3.5 application performance issues and memory issues.
Microsoft Advisory Services Engagement Scenario – Synchronization performance issues of SQL Server Compact 3.5 merge replication.
Microsoft Advisory Services Engagement Scenario – Best practices to reduce data corruption in SQL Server Compact 3.5.
Huge blocking in SQL Server that is used with Configuration Manager 2007 Server.

Microsoft 2008 KB's

Evening Meeting on Wed Oct 28, 2009 in Dundee

Back to Events List

SQL Injection Attacks and Tips on How to Prevent Them

LiveMeeting Attendee URL	This event is not available via LiveMeeting
Time	Starts (UK time) at 18:00 , Finishes 21:00
Cost	Free
Organiser	Scottish Developers
Address	Queen Mother Building, Dundee University, Nethergate, Dundee, DD1 4HN
	Directions to Event
Tags	SQL Injection Attack, Security, Best Practices

Wednesday, 28th October 2009 at 19:00 – 21:00
Queen Margaret Building, Dundee University

The Talk

In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how they are carried out, and most importantly, how to defend your code against attack.

In this talk Colin Mackay will demonstrate a SQL Injection Attack on an application in a controlled environment*. He’ll show you where the vulnerable code lies and what you can do to harden it.

Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.

* Demonstrating an attack on a real system without the owner’s consent is a breach of the 1990 Misuse of Computers Act, hence the controlled environment.

The Speaker

Colin Angus Mackay is a Software Developer living in Glasgow. He has been programming since the age of 9 starting with a Sinclair ZX Spectrum. He became a professional software developer in 1994, using a Smalltalk based language called Magik. In 1996 he started using C++ commercially and in 2002 migrated to the emerging language of C#.

Colin has received a number of awards including Code Project MVP (for 5 years) and Microsoft MVP (for 3 years). He is a member of the British Computer Society and a Member of the Institution of Analysts and Programmers. He is currently the chairman of Scottish Developers and has organised the last two Developer Day Scotland conferences (with a third in the works).

You can find out more on his blog.

The Venue

We are meeting in the Queen Mother Building at Dundee University. After the meeting we normally retire to the the bar at Laing’s

The Agenda

18:45 Doors Open
19:00 Welcome
19:10 The Talk (Part 1)
19:55 Break
20:05 The Talk (Part 2)
20:45 Feedback & Prizes
21:00 Repair to the Pub

Registration

Space is limited, to sign up go to http://www.eventbrite.com/event/443957890/sql

Coming Events

Tue, 7 Sep in 4 days BRACKNELL Evening Meeting SQL Server CLR and T-SQL Functions - Colin Leversuch-Roberts aka GrumpyDBA, Data Tier Applications (DCA) - Neil Hambly	Wed, 15 Sep in 12 days LEEDS Evening Meeting (15 registered) ****Win an MSDN Subscription worth $1,000's ********* Using XML data in SQL Server with Anthony Brown, and Iain Kick from Quest Software talks of Managing SQL Server in a global economic meltdown.
Thu, 16 Sep in 13 days MANCHESTER Evening Meeting (14 registered) ****Win an MSDN Subscription worth $1,000's ********* User group evening with Allan Mitchell and Iain Kick from Quest Software talks of Managing SQL Server in a global economic meltdown	Wed, 22 Sep in 19 days MAIDSTONE Evening Meeting Kent User Group - Analysis Services (Andrew Calvett), TSQL Techniques (Dave Ballantyne)
Thu, 23 Sep in 20 days CARDIFF Evening Meeting (13 registered) Chris Testa O'Neill will be creating a cube with SSAS, Ian Archibald from Attunity demonstrating their CDC products Keep Checking back for further updates	Thu, 30 Sep in 27 days YORK Multi Day Seminar SQLBits 7: The Seven Wonders of SQL - September 30th to October 2nd
Thu, 7 Oct in 34 days EDINBURGH Evening Meeting (5 registered) Implementing Hierarchies using TSQL and the HierarchyId type and understanding aggregation problems (Tony Rogerson); TBD (Allan Mitchell)	Wed, 27 Oct in 54 days LEEDS Evening Meeting (5 registered) User group evening with Martin Bell and SQL Server and Virtualisation with Mike Kiersey
Thu, 28 Oct in 55 days MANCHESTER Evening Meeting (12 registered) SQL Server Replication with Neil Hambly and Martin Bell explores change management in SQL Server 2008	Wed, 8 Dec in 96 days LEEDS Evening Meeting (4 registered) User group evening with Tony Rogerson and Neil Hambly explores indexed views and computed columns
Thu, 9 Dec in 97 days MANCHESTER Evening Meeting (6 registered) User group evening - Agenda to be confirmed	Wed, 19 Jan in 138 days LEEDS Evening Meeting (4 registered) User group evening with Chris Burns and the Resource Govenor and Policy Based Management with Chris Testa-O'Neill

Past Events

19 Aug 2010 EDINBURGH Evening Meeting (11 registered) Execution plans and Performance Tuning (Rob Carrol); Extended Events (Martin Bell)	18 Aug 2010 MAIDSTONE Evening Meeting Kent User Group - Complex Event Processing (Allan Mitchell), Replication (Neil Hambly)
5 Aug 2010 MANCHESTER Evening Meeting (21 registered) Introduction to the Service Broker with Anthony Brown and Creating compelling reports with SQL Server 2008 Reporting Services R2 with Chris Testa-O'Neill	20 Jul 2010 LEEDS Evening Meeting AGI Northern Group meeting: Using geospatial data in the Microsoft world.
14 Jul 2010 LONDON Evening Meeting (92 registered) SQL Server and Disk IO (File Groups/Files, SSD's, Fusion-IO, In-RAM DB's, Fragmentation) - Tony Rogerson; Physical Join Operators in SQL Server - Ami Levin; Complex Event Processing - Allan Mitchell	28 Jun 2010 EDINBURGH Evening Meeting (14 registered) Replication (Components, Adminstration, Performance and Troubleshooting) - Neil Hambly and SQL Server Upgrades (Notes and Best practice from the field) - Satya Jayanty
24 Jun 2010 CARDIFF Evening Meeting (16 registered) Alex Whittles on data warehouse design case studies and an introduction to PowerPivot with Adam Morton	23 Jun 2010 READING Evening Meeting (31 registered) Introduction to NoSQL (Not Only SQL) - Gavin Payne; T-SQL Gotcha's and how to avoid them - Ashwani Roy; Introduction to Recency Frequency - Tony Rogerson; Reporting Services - Tim Leung
17 Jun 2010 LONDON Full Day Seminar SQL Server Master Class with Kimberly Tripp and Paul Randal	27 May 2010 ONLINE Online Q & A Session with the UK SQL Server Product Team
20 May 2010 LONDON Evening Meeting (30 registered) Business Intelligence: Implementing common business calcs using DAX in PowerPivot (Chris Webb); Case Study on how to deal with Metrics on high data volumes	19 May 2010 LONDON Evening Meeting (38 registered) Service Broker (Intro, Terminology, Design Considerations); Monitoring and Controlling Resources in SQL Server (Resource Governor, Data Collector); BakBone NetVault: FASTRecover provides byte-level continuous data protection
7 May 2010 ONLINE Webcast (14 registered) "Cuppa" Corner: Database Design What is and Why is Normalisation important? Domains, Functional Dependencies, Repeating Groups, First Normal Form.	21 Apr 2010 READING Evening Meeting (40 registered) Service Broker (Intro + Guidance), Indexing (Selection, Usage, Fragmentation etc...), Normalisation, Surrogate Keys - Locking considerations
15 Apr 2010 LONDON Evening Meeting (11 registered) Social for SQL and SQL Server professionals - SQL quiz, meet your peers, ask the group Q & A

Member Chat

To post messages you must be signed on - please register or logon.

Stephanie Sullivan Wed 3:34PM

Looking for a lift to sql bits from south wales. Anybody driving up who welcome a reduction in petrol money?

neil_hambly Tue 2:11PM

My next presentation (DAC-PAC) is @ the VBUG Bracknell (7th Sept) http://bit.ly/9ZgObb along with GrumpyDBA (CLR vs TSQL functions) #sqlfaq

allansqlis Sun 9:08PM

Solution to a practical problem when issuing Current Time Increments in StreamInsight http://goo.gl/UhQn #StreamInsight #CEP #sqlfaq

gavinpayneuk Sat 10:02PM

@SQLRich #sqlserver #sqlfaq Using the internal SQL Server encryption tools

sqlrich Sat 9:58PM

@GavinPayneUK Do you mean SQL's internal code or DBA's implementing encryption? #sqlserver #sqlfaq

gavinpayneuk Sat 9:14PM

@mouldie Have they started using SQL's internal encrypt tools or is it still done at the app, o/s or storage level? #sqlserver #sqlfaq

gavinpayneuk Sat 8:40PM

Does anyone bother with encryption actually within SQL Server? #sqlserver #sqlfaq

neil_hambly Sat 9:44AM

Can't stop laughing RT @tonyrogerson: RT @fasel: Mongo DB is web scale :D http://bit.ly/cWY3el #nosql very funny video and so true #sqlfaq

tonyrogerson Sat 9:26AM

RT @fasel: Mongo DB is web scale :D http://bit.ly/cWY3el #nosql very funny video and so true #sqlfaq

bletchleypark Fri 12:00PM

RT @tonyrogerson: I've given up a days pay for the 16th Sept Bletchley Park pledge http://bit.ly/bshbSs, done via paypal #sqlfaq - very worthy cause!

neil_hambly Fri 10:28AM

I have also pledged 1 day RT @tonyrogerson: I've given up a days pay for the 16th Sept Bletchley Park pledge http://bit.ly/bshbSs, #sqlfaq

tonyrogerson Fri 10:10AM

I've given up a days pay for the 16th Sept Bletchley Park pledge http://bit.ly/bshbSs, done via paypal #sqlfaq - very worthy cause!