SQL Injection isn't special code. It consists of regular, valid T-SQL that is unexpected by the application. Steve Jones notes that using the principle of least privilege can help to limit the damage from SQL Injection if the application fails to properly check input.
2015-12-28 (first published: 2011-04-12)
598 reads
This Friday Steve Jones has a poll about which SQL Servers might impress you. Is there a company or installation that you think would really showcase the power and scalability of SQL Server?
2015-12-25 (first published: 2011-05-06)
491 reads
We all make mistakes, but it's important that we revise our code to correct them over time.
2015-12-24
121 reads
2015-12-23
198 reads
A new series of attacks were proven recently using music files to attach embedded systems in cars. Could this be another attack vector that we need to worry about?
2015-12-22 (first published: 2011-03-23)
575 reads
2015-12-21
322 reads
Today we have a guest editorial from Andy Warren. We still have many applications runnning under sysadmin accounts, often "sa". Why do people do this? Andy has a few thoughts on the subject.
2015-12-21 (first published: 2011-05-04)
525 reads
2015-12-17
224 reads
2015-12-15
204 reads
This week Steve Jones looks at how we make secutiy decisions for our systems, and whether this is really the best way to do things.
2015-12-14
98 reads
By Steve Jones
This was Redgate in 2010, spread across the globe. First the EU/US Here’s Asia...
By John
Today is Christmas and while I do not expect anybody to actual be reading...
By Bert Wagner
Until recently, my family's 90,000+ photos have been hidden away in the depths of...
Comments posted to this topic are about the item SQL Server 2025 Backup Compression...
Comments posted to this topic are about the item The Large Encoded Value
Comments posted to this topic are about the item The Side Job
I want to use the new BASE64_ENCODE() function in SQL Server 2025, but return a string that isn't large type. What is the longest varbinary string I can pass in and still get a varchar(8000) returned?
See possible answers