SQL Injection isn't special code. It consists of regular, valid T-SQL that is unexpected by the application. Steve Jones notes that using the principle of least privilege can help to limit the damage from SQL Injection if the application fails to properly check input.
2015-12-28 (first published: 2011-04-12)
598 reads
Steve Jones talks about the possibility of SQL Injection, or other security issues from malformed input, affecting our lives in new and annoying ways.
2011-04-11
584 reads
Quite a few utility companies and energy producers have ha data breeches in the last year, yet most of them don't have good tools to detect the intrusions or the support of executive management. Steve Jones talks about this being a problem in many companies.
2011-04-11
97 reads
This Friday Steve Jones asks what you would like to see in Standard Edition. Is there one feature that would make a big difference to you?
2011-04-08
126 reads
If the future of out IT works involves more ad hoc, swarming project teams, are you prepared? Steve Jones talks about social networking being something you might consider as a way to build some skills to work with others in a less formal way.
2011-04-07
105 reads
We never know enough ourselves to be sure that we have completely thought through all the scenarios or holes in our logic. This is why it makes sense for us to have a group that spends time looking for problems.
2011-04-06
195 reads
Today Steve Jones asks for your ideas on Microsoft's Connect. It's a good way to submit bugs and suggestions, but it seems to suffer from a scale problem. What do you think would help?
2011-04-05
155 reads
What value can you place on data? It can be hard to determine, especially when so many sites on the Internet want data to be free. However the New York Times is going to a subscription model, with the idea that there is some value to their data and people will pay for it.
2011-04-04
103 reads
Any DBA who has been bitten by these subtle data integrity issues, or reports that erratically produce the wrong results, will know how much careful testing is involved in mitigating them.
2011-04-04
273 reads
Today Steve Jones talks about changes that are coming to SQLServerCentral.
2011-04-01
198 reads
By Brian Kelley
Following the advice in Smart Brevity improves communication.
By John
Microsoft has released SQL Server 2025, bringing big improvements to its main database engine....
By Steve Jones
A customer was asking about what certain items in Redgate Monitor mean. They have...
Comments posted to this topic are about the item Which Table I
Comments posted to this topic are about the item Using Python notebooks to save...
Comments posted to this topic are about the item Your AI Successes
I have this code in SQL Server 2022:
CREATE SCHEMA etl;
GO
CREATE TABLE etl.product
(
ProductID INT,
ProductName VARCHAR(100)
);
GO
INSERT etl.product
VALUES
(2, 'Bee AI Wearable');
GO
CREATE TABLE dbo.product
(
ProductID INT,
ProductName VARCHAR(100)
);
GO
INSERT dbo.product
VALUES
(1, 'Spiral College-ruled Notebook');
GO
CREATE OR ALTER PROCEDURE etl.GettheProduct
AS
BEGIN
SELECT ProductName
FROM product;
END;
GO
When I execute this code as a user whose default schema is dbo and has rights to the tables and proc, what is returned? See possible answers