Connection strings

Database makers

Open Data

Open Data is a data set that has been made available for public use, reuse, and redistribution.

SQL injection

SQL injection is a security vulnerability in which user input that is concatenated into a SQL statement changes the meaning of that statement. E.g.:

"select * from users where name='" + UserName + "';" //if ' is not escaped as '', may become:
select * from users where name='' or ''='';

"select * from users where name='" + UserName + "';"  //if -- is not checked, may become:
select * from users where name='' or (1=1)--';

"select * from users where name='" + UserName + "';"  //if ; is not checked, may become:
select * from users where name='';delete users

"select * from users where id=" + UserID  //if datatype or length is not checked, may become:
select * from users where id=4 or id is not null;

//Limit the permissions given to the SQL login.
//Instead of "SELECT * ...", use something like "SELECT price ..."
//Store sensitive info like passwords as hashes.
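
The same lookups with bound parameters instead of string concatenation, as an added example that is not part of the original page. It assumes Python's sqlite3 module and a constructed three-row users table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data for the page's `users` table.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (id integer primary key, name text)")
    db.executemany("insert into users (name) values (?)",
                   [("alice",), ("bob",), ("carol",)])
    return db

def by_name_concat(db, user_name):
    # Pattern from the page: the input becomes part of the SQL text.
    sql = "select * from users where name='" + user_name + "';"
    return db.execute(sql).fetchall()

def by_name_bound(db, user_name):
    # Placeholder: the value travels separately and is never parsed as SQL.
    return db.execute("select * from users where name=?",
                      (user_name,)).fetchall()

def by_id_concat(db, user_id):
    return db.execute("select * from users where id=" + user_id).fetchall()

def by_id_bound(db, user_id):
    # Datatype and length check, then bind as an integer.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("id must be a short decimal integer")
    return db.execute("select * from users where id=?",
                      (int(user_id),)).fetchall()

def compare_names():
    # Row counts as (concatenated, bound) for the inputs shown on the page.
    db = make_db()
    return {v: (len(by_name_concat(db, v)), len(by_name_bound(db, v)))
            for v in ["bob", "' or ''='", "' or (1=1)--"]}

if __name__ == "__main__":
    for value, counts in compare_names().items():
        print(repr(value), counts)
```

With concatenation the two crafted name values return every row; with a bound parameter they are compared as literal strings and match nothing.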

Articles and Pieces

Not all the articles, just some I found interesting or useful. Perhaps I should do these as blog posts instead.

Database Journal

Database Journal [databasejournal.com].

Erland Sommarskog

Erland Sommarskog [sommarskog.se].

SQL Server Central

SQL Server Central [sqlservercentral.com].

SQL Team

SQL Team [sqlteam.com].

Miscellany


  • 4GuysFromRolla.com/WebTech/SQLGuru/
  • DatabaseJournal.com
  • IDC.com. "the world's leading provider of technology intelligence, industry analysis, market data, and strategic and tactical guidance to builders, providers, and users of information technology." Sort of like Gallup polls for the IT industry.
  • TPC.org. The Transaction Processing Performance Council, "a non-profit corporation founded to define transaction processing and database benchmarks and to disseminate objective, verifiable TPC performance data to the industry." Used by Intel, AMD, Oracle, MS SQL Server, etc.
  • SQLMag.com
  • SQLQuiz.com. Generates quizzes with 15 random questions (from around 500) on basic SQL. Geared for people fairly new to SQL. Very clean and simple. Could be used for learning or very basic SQL screening. I'm surprised that there are no ads!
  • SQLServerCentral.com. 'the largest Microsoft SQL Server community on the web with 230,636 registered members! SQLServerCentral.com offers you thousands of SQL Server articles, FAQs, scripts, and forums to help your professional development as a DBA, developer or user of SQL Server.'
  • SQLTeam.com.
  • SQL Tutorial [firstsql.com/tutor.htm]. For the SQL 92 standard.
  • SQL-tutorial.com. Free simple SQL tutorial.


GeorgeHernandez.com. Some rights reserved.