UK SQL Server User Group

Organiser

Allan Mitchell, SQL Server MVP

sqldts.com | sqlis.com | hire me

SQLBlogCasts

Public Content

Microsoft 2005 KB's

Upgrading to SQL Server 2005 fails if .Net framework 3.5 SP1 or later is installed.
Distributed query with an In-Process Mixed OLED DB provider hangs.
Users experience login issues to SQL Server when Logon Triggers are enabled.
Unable to Change the Default Physical Location of Content Databases on SQL server.
You may receive incorrect values when using SCOPE_IDENTITY() and @@IDENTITY.
Correcting the lack of cryptographic salt variation on SQL Server sa login hash.
You get "DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER" error message when using Oracle connection manager in SSIS.
You may get "Unable to prepare the SSIS bulk insert for data insertion" error on UAC enabled systems.
FIX: You experience some problems when you perform a grouping members operation on an Excel pivot table whose data source is an SSAS 2005 cube.
FIX: Data is corrupted when you update data that is in an LOB column in a SQL Server 2005 transactional replication.
FIX: The principal database is not recovered if the database has a large number of virtual log files in SQL Server 2005.
FIX: Error message in SQL Server 2005 when you run an update statement on a database whose compatibility level is 6"Msg 4104, Level 16, State 1, Line 1 The multi-part identifier <Alias Name>.<Column Name> could not be bound".
Cumulative update package 8 for SQL Server 2005 Service Pack 3.
How to Uninstall SQL Compact 3.5 after installing SQL Server 2008.
Backing up a SQL Server database using a VSS backup application may fail for some databases.

Microsoft 2008 KB's

Evening Meeting on Wed Oct 28, 2009 in Dundee

Back to Events List

SQL Injection Attacks and Tips on How to Prevent Them

LiveMeeting Attendee URL	Click here to join Meeting
Time	Starts (UK time) at 18:00 , Finishes 21:00
Cost	Free
Organiser	Scottish Developers
Address	Queen Mother Building, Dundee University, Nethergate, Dundee, DD1 4HN
	Directions to Event
Tags	SQL Injection Attack, Security, Best Practices

Wednesday, 28th October 2009 at 19:00 – 21:00
Queen Margaret Building, Dundee University

The Talk

In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how they are carried out, and most importantly, how to defend your code against attack.

In this talk Colin Mackay will demonstrate a SQL Injection Attack on an application in a controlled environment*. He’ll show you where the vulnerable code lies and what you can do to harden it.

Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.

* Demonstrating an attack on a real system without the owner’s consent is a breach of the 1990 Misuse of Computers Act, hence the controlled environment.

The Speaker

Colin Angus Mackay is a Software Developer living in Glasgow. He has been programming since the age of 9 starting with a Sinclair ZX Spectrum. He became a professional software developer in 1994, using a Smalltalk based language called Magik. In 1996 he started using C++ commercially and in 2002 migrated to the emerging language of C#.

Colin has received a number of awards including Code Project MVP (for 5 years) and Microsoft MVP (for 3 years). He is a member of the British Computer Society and a Member of the Institution of Analysts and Programmers. He is currently the chairman of Scottish Developers and has organised the last two Developer Day Scotland conferences (with a third in the works).

You can find out more on his blog.

The Venue

We are meeting in the Queen Mother Building at Dundee University. After the meeting we normally retire to the the bar at Laing’s

The Agenda

18:45 Doors Open
19:00 Welcome
19:10 The Talk (Part 1)
19:55 Break
20:05 The Talk (Part 2)
20:45 Feedback & Prizes
21:00 Repair to the Pub

Registration

Space is limited, to sign up go to http://www.eventbrite.com/event/443957890/sql

Coming Events

Wed, 17 Mar in 3 days LONDON Evening Meeting (125 registered) SQL 2008 Data Warehousing Features (Vincent Rainardi); Index Views and Computed Columns (Neil Hambly); Business Intelligence in Office 2010 - Excel,PowerPivot,SharePoint (Duncan Sutcliffe); finishing with a Q & A on BI with the panel	Sat, 27 Mar in 13 days MANCHESTER Evening Meeting (3 registered) Introduction to Business Intellence in the SQL Server Stack - *Date to be confirmed* - register your interest
Sat, 27 Mar in 13 days MANCHESTER Evening Meeting (5 registered) Introduction to Database Maintenance and Development 101 - *Date to be confirmed* - register your interest	Wed, 21 Apr in 38 days READING Evening Meeting (18 registered) Developer and DBA Focus
Fri, 7 May in 54 days ONLINE Webcast (2 registered) Database Design Part 1 - Why is Normalisation important? What is Normalisation, a look at First Normal Form (1NF) and Boyce Codd (BCNF) Normal Form	Wed, 19 May in 66 days LONDON Evening Meeting (17 registered) Developer and DBA focus
Wed, 23 Jun in 101 days READING Evening Meeting (4 registered) Business Intelligence focus	Wed, 14 Jul in 122 days LONDON Evening Meeting (7 registered) Generic session on SQL Server

Past Events

25 Feb 2010 EDINBURGH Evening Meeting (19 registered) Prize Draw , An evening of performance troubleshooting with Iain Kick , Learning SQL Server with Alistair Board	25 Feb 2010 CARDIFF Evening Meeting (16 registered) Change to Agenda BI Fundamentals: Building an Enterprise ETL Framework in SSIS, Data Warehouse Design
20 Jan 2010 DUNDEE Evening Meeting (7 registered) Allan Mitchell - Intro to SQL Server Integration Services 2008; Tony Rogerson - Intro to SQL Server tools both flavours - DBA and Developer. Usual Nuggets, Usual SQL LiveLock; Q & A; Advice etc..	17 Dec 2009 MANCHESTER Evening Meeting (9 registered) Manchester SQL Server User group - Round the table talks, SQL Nuggets, Informal talk and out for a drink and a chance to win a Copy of Windows 7 and SQL Server 2008
10 Dec 2009 LEEDS Evening Meeting (9 registered) An evening of Service Broker and Powershell	26 Nov 2009 EDINBURGH Evening Meeting (8 registered) Cancelled SQL Server Nuggets and a look into the Newsgroups
26 Nov 2009 LONDON Evening Meeting (57 registered) SQL Server internals and best practice for Absolute Beginners (Tony Rogerson); Nuggest from Dave Ballantyne on Ranking, UDF's; MS Business Intelligence Project Boosters (Siddharth Mehta) - an Introduction to the Power of Policies (Martin Cairney), BakBone product demonstration and the first LiveLock Discussion	18 Nov 2009 LONDON Evening Meeting SQL Azure and what is new in SQL Server 2008 R2
11 Nov 2009 READING Evening Meeting (36 registered) High Availability (Partitioning, File Groups (use of, backup/restore)) and an Introduction to SQL Server architecture - Tony Rogerson; Virtualising SQL Server (why, design, how, issues, solutions, troubleshooting) - Justin Langford	29 Oct 2009 LONDON Evening Meeting (42 registered) Deploying SSRS reports using msbuild (Jamie Thomson); BI 2.0 (Andrew Sadler); Data Warehouse Development Workbench for SQL Server (Steve Hitchman)
28 Oct 2009 DUNDEE Evening Meeting SQL Injection Attacks and Tips on How to Prevent Them	15 Oct 2009 MANCHESTER Evening Meeting (17 registered) Reporting Services evening. Hosted by Chris Testa-O'Neill
14 Oct 2009 READING Evening Meeting (33 registered) Focus: Developer/DBA; Tony Rogerson on TSQL Hints and Tips (CTE Recursion,Case,Partitioning,Sub-Queries,Normalisation/DeNormalisation) and Colin Leversuch-Roberts "How are my servers Today?" - real time monitoring dashboards	8 Oct 2009 CARDIFF Evening Meeting (18 registered) South Wales User Group first meeting - Ensuring Business Continuity (Backups, Mirroring and Monitoring) - Tony Rogerson; SQL 2008 Integration Services - some of the things that make it better - Allan Mitchell.
8 Oct 2009 EDINBURGH Evening Meeting (11 registered) SQL Server Performance Analysis Tools and Powershell

Member Chat

To post messages you must be signed on - please register or logon.

aaronbertrand Sun 2:45PM

@tonyrogerson some people use (SMALL)DATETIME as a key, e.g. for reporting, so GETDATE()/SYSUTCDATE() etc. #sqlfaq #sqlhelp

tonyrogerson Sun 9:44AM

Looking at methods to generate a surrogate key value - IDENTITY, NEWID, NEWSEQUENTIALID, diy, hashing (SHA1 ??) - any more?#sqlfaq #sqlhelp

tonyrogerson Sat 2:18PM

Feels like I'm writing a book on surrogate keys, Part 1 blogged http://bit.ly/bRbFjX (Rules for surrogate keys, problems they solve) #sqlfaq

Jennifer Stirrup Wed 6:49PM

Is anyone hiring at the moment? Looking for a London-based BI focused role

tonyrogerson Wed 12:46PM

@philcr I'd really like to see Surface with a 2008 R2 demo on it taking full advantage of the kit - that would be cool! #sqlfaq