Security
As I mentioned in my last post I've begun investigating the SQL Server CLR. I decided after getting warmed up to commit to an entire series of articles and I've just finished the first one on security. I figured it would be the best place to start as I know it's an unknown for a lot of people who are either still considering a SQL 2005 upgrade or have upgraded and aren't sure what to think of the new CLR feature. In fact I'm willing to bet there are a lot of DBAs out there who won't give it a...
As I look around the net at different articles and tutorials I'm surprised at how many use Dynamic SQL for samples. Even after the many warnings about SQL injection attacks. But there are other issues besides security. One of which is performance - dynamic SQL performs very poorly when not used properly. So I decided to write an article pointing out how poorly dynamic SQL can be if improperly used. I hope it will convince some to change how they write their client SQL code. Here's the link:http://www.codeproject.com/cs/database/ParameterizingAdHocSQL.aspI might even write another article that expands on this idea to put...
I've been pretty busy and haven't had time to post in a while, but this week I ran into something I thought was worthy of posting. I'm working on writing a "poor man's" load balancer for our databases. I won't go into the background this time as I will likely post details on the load balancer once I've completed it. But when it came time to work on gathering data using the System.Diagnostics.PerformanceCounter I ran into the expected permissions issue. Most examples involved using ASP.Net to display performance data, and all the examples I was running into recommended using either...