Monthly Archives: June 2007

SQL Injection Attacks

Posted on Sunday, 24 June, 2007 by Colin Mackay

Every day I see messages on various forums asking for help with SQL. Nothing wrong with that. People want to understand how something works, or have a partial understanding but something is keeping them from completing their task. However, I frequently … Continue reading

Posted in Uncategorized | Tagged , , , , | Leave a comment

UPDATE: Sql Injection Attacks

Posted on Sunday, 24 June, 2007 by Colin Mackay

As a follow up to my post on preventing SQL Injection Attacks a couple of months ago I just found this little nugget, I Made a Difference[^], and it shows what can be achieved if you don’t secure against SQL Injection attacks – and … Continue reading

Posted in Uncategorized | Tagged | 1 Comment

Please please please learn about SQL Injection Attacks

Posted on Sunday, 24 June, 2007 by Colin Mackay

Here are two more great blog entries about preventing SQL Injection Attacks First, Bertrand Le Roy gives some excellent advice about how to spot potential sites for injection attacks and how to get yourself out of that mess: Please, please, please, … Continue reading

Posted in Uncategorized | Tagged | Leave a comment

Protecting Tables from SQL Injection Attack

Posted on Sunday, 24 June, 2007 by Colin Mackay

A recent question in a forum that I view asked about how to ensure that even if one layer of security was compromised that the table would only ever return one row at a time so that an attacker would have … Continue reading

Posted in Uncategorized | Tagged | Leave a comment

Friendly Error Messages (or not)

Posted on Sunday, 24 June, 2007 by Colin Mackay

Microsoft are normally quite good at producing friendly error messages when things don’t work out. However today I rebooted my machine after installing security updates, I fired up Visual Studio and then attempted to open the solution I was working … Continue reading

Posted in Uncategorized | Tagged | Leave a comment

Tenets of Transparency

Posted on Sunday, 24 June, 2007 by Colin Mackay

Eric Sink, Software Craftsman (and I really love that title) for SourceGear has written an article for MSDN about how ISVs can increase transparency and improve trust in their customers. I especially like his comments on product licence enforcement as … Continue reading

Posted in Uncategorized | Tagged | Leave a comment

Lean Software Development: An Agile Toolkit

Posted on Sunday, 24 June, 2007 by Colin Mackay

Lean Software Development: An Agile Toolkit by Mary Poppendieck and Tom Poppendieck with Forewords by Jim Highsmith and Ken Schwaber A review of sorts The book defines a number of tools to assist you in implementing an agile approach to … Continue reading

Posted in Uncategorized | Tagged , | Leave a comment

What I’ve been up to

Posted on Saturday, 23 June, 2007 by Colin Mackay

I’ve not posted anything for a while so I thought I’d show of some of my better photos that I have uploaded to Flickr (just to show you what I’ve been up to). These are my ten favourite photos that … Continue reading

Posted in Uncategorized | Leave a comment

Things I keep forgetting about FileInfo

Posted on Saturday, 23 June, 2007 by Colin Mackay

This is going to sound like a real newbie post. But I keep forgetting this particular bit of information and I keep having to write little throw away applications to find out the answer. FileInfo has a number of properties … Continue reading

Posted in Uncategorized | Tagged , | Leave a comment

Normalising the data model

Posted on Saturday, 23 June, 2007 by Colin Mackay

Sometimes I see on forums someone who is trying to get some SQL statement to wield data in a particular way but the data model is just thwarting their attempts, or if they do get something to work the SQL … Continue reading

Posted in Uncategorized | Tagged , , | 2 Comments