The Trustworthy Computing Security Development Lifecycle

This paper discusses the Trustworthy Computing Security Development Lifecycle (or SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and deliverables include the development of threat models during software design, the use of static analysis code-scanning tools during implementation, and the conduct of code reviews and security testing during a focused "security push". Before software subject to the SDL can be released, it must undergo a Final Security Review by a team independent from its development group. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities. This paper describes the SDL and discusses experience with its implementation across Microsoft software.

All about the 'Case'

When installing SQL Server, regardless of versions and editions, SQL Server database administrators tend to choose the default collation and sort-order, which is SQL_Latin1_General_CP1_CI_AS. Though case insensitiveness makes the life of the database developers and database administrator's easy, there are situations where case sensitivity should be enforced just as password checking is enforced.

In this article, I would like to discuss different methods for achieving case sensitivity in a case insensitive database/server.

Customizing SQL Server Reporting Services with .NET Code

With the release of Reporting Services, Microsoft has provided a truly enterprise-level reporting solution. Reporting Services provides support for the entire reporting life cycle including report authoring, report management, and report delivery

SQL Server 2005 Security - Part 4

In this article, we will conclude our coverage of security related changes in SQL Server 2005 Beta 2 (although we will continue discussion of improvements in other functionality areas throughout the reminder of this series). The topics we will focus on here are code and module signing, modifications of SQL Server Agent and SQL Profiler operations, as well as monitoring and auditing changes.

Creating a User Defined Aggregate with SQL Server 2005

SQL Server doesn't have a Product aggregate function. A recent blog post by Karen Watterson pointed out that Microsoft Knowledge Base article Q89656: Simulating a PRODUCT() Aggregate Function discusses how to achieve the Product aggregate functionality using the POWER function. We e-mailed about it and she challenged me to create a Product aggregate in SQL Server 2005. I decided to accept the challenge.

SQL Server 2000 Security - Part 6 - Ownership and Object Permissions

We have described, so far, authorization based on a predefined fixed server (determining a set of SQL server-wide privileges) and database (applying to database objects and activities) roles. We have also discussed application roles, which makes the level of permissions independent of those assigned to a SQL Server login or a database user account. Now it is time to look into permissions from the point of view of database objects. There are two main factors that play a role in determining how access rights to them are evaluated - their ownership and custom permissions. We will discuss the first one of these topics in this article and will continue with the other one in the next installment of this series.

Creating a Daily Visual SourceSafe (VSS) Label with A SQL Agent Job

I worked in a team recently that was failing to put Visual SourceSafe (VSS) labels on projects after they were checked in we decided to look to automation for a solution. What we cam up with is to continue to require that labels be put on versions of code when major builds where created. But we decided to augment that with automated daily labels.

Exploring 'ON DELETE SET NULL' in SQL Server 2005

At first glance, the 'ON DELETE SET NULL' option in SQL Server 2005 may not seem like a big deal, but once you've seen how it can be used, I think you will be impressed. The basics? If Order.CustomerID has a foreign key to Customer.CustomerID and a customer is deleted, 'ON DELETE SET NULL' causes the CustomerID field in each of that customer's orders to be set to NULL. It allows the "parent" record to be deleted and sets the "child" record's column to NULL. A normal foreign key says Order.CustomerID must match a record in Customer. An 'ON DELETE SET NULL' foreign key says that if Order.CustomerID is not null, then its value must match a record in Customer.

MDX Essentials: Set and String Functions: The GENERATE() Function

In this lesson, we will introduce a function that provides us the ability to derive a set by systematically applying a set expression to each of the members of a set we define. GENERATE() is a potent function in our MDX toolset, in that it enables us to select precisely only certain members of a dimension level. It effectively operates upon two sets to create a new set, based upon the members of a second set that are also in a primary set.

Quick! Which specific SQL Server user is logged into which database?

SQL Server's master database stores tables with important and constantly updated information about the state of the SQL server. One of these tables, sysprocesses, can be used to track (in SQL Server itself) which SQL Server users are currently logged in and which database(s) they are accessing.

The quick way to find out if a particular user is accessing a particular table is with a query.