SQL Injection Attacks by Example A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation. So we'll do it in steps. A standalone query of
How to: Configure SQL Express to accept remote connections « Ricardo D. Sanchez This is a copy of the post that used to exist here, for which I got some complaints since some people were still trying to read it when looking at an answer I wrote on StackOverflow a few years ago and the page was not there anymore. The above is an exact replica of the original post; hope it helps: I just installed SQL Express 2008 recently and wanted to use it for a test application that I have on a hosted server. Go to Start – All Programs – Microsoft SQL Server 2008 – Configuration Tools – SQL Server Configuration Manager. Select and expand the SQL Server Network Configuration node and then select your SQL Express 2008 database. Click Apply and OK. You now need to restart SQL Express 08. To do this, select the SQL Services node in the same SQL Server Configuration Manager, then right-click on the name of your SQL Express 08 instance and select Restart. That's it! Good luck!
Web Design Trends in 2011 There is a thin line between design and development, and as we move into a new decade, this line is becoming extremely blurry. Is it enough to draw beautiful mock ups in Photoshop? Maybe 5 years ago. These days, the average internet user requires more. How will you stay relevant as a designer in 2011? Take a gander at the top 11 trends for 2011. 1. What a gratifying sigh of relief! Now that's shown, please understand that Flash and HTML5 are not equal opponents. Perhaps even more exciting is the fact that CSS3 is available to us in a real way this year. 2. Simplicity. Shades of green create this Twitter visualization tool. Red can be jarring if done incorrectly. 3. Smartphones, iPads, netbooks, oh my! Creating a mobile ready website is not simply removing the bells and whistles from your design. With the help of CSS3, primarily media queries, mobile web design has taken a big leap forward (more on this later). 4. Parallax scrolling: not just for old school video games.
Top 50 Ruby on Rails Websites - Social Shopping, Design & Technology – StoreCrowd How to Dynamically Create Thumbnails In this week's screencast, I'll show you how to upload files and then have PHP dynamically create a thumbnail. Whether you're building an ecommerce site, or just a simple gallery, these techniques will absolutely prove to be useful. If you're ready for your "spoonfed" screencast of the week, let's get going! *Note - There have been a few slight changes to the code after some additional thinking and some great suggestions. The Simple Config File The first step is to create a simple config file where we can store a few variables. $final_width_of_image - This variable will store the width of our thumbnail. Save this file as 'config.php' and place it in the root of your folder. The HTML Next, create a new page called "index.php" and paste the following. First, scroll down a bit to the body tag. Any time that you're going to be working with the "file upload" input type, you need to add an "enctype" attribute to the form tag. Now, scroll back up to the PHP code at the top. Saving the File Finished
SQL Server 2008 R2 | Database Management System Capabilities Breakthrough, in-memory performance: With SQL Server 2014, new in-memory capabilities for transaction processing and enhancements for data warehousing complement our existing technologies for data warehousing and analytics. Scale and transform your business with, on average, a 10x performance gain for transaction processing while still using existing hardware, and a greater than 100x performance gain for data warehousing. Proven, predictable performance: SQL Server consistently leads in TPC-E, TPC-H and real-world application performance benchmarks. High availability and disaster recovery: Gain greater uptime, faster failover, improved manageability, and better use of hardware resources through AlwaysOn, a unified solution for high availability. Enterprise scalability across compute, networking, and storage: With Windows Server, physical processing now scales up to 640 logical processors, and virtual machines scale up to 64 logical processors.
PHP security tips PHP is one of the most popular web programming languages today. The reason is that it is easy to learn, and yet robust enough to successfully power even the most complicated applications. This has its downsides. The PHP community is large and very open, and beginners often learn wrong things, or nothing at all, about PHP security. PHP is a very "forgiving" language and many users do not think about securing their applications. The programmer must always be on alert and know from where an attack can come. NEVER trust user input I will repeat: never trust your users. When this gets executed, the query looks like this: As the "=" comparison is always true, this guy is logged in even if he does not know the password. My tip is to always escape user input before doing anything with it. This way the input is escaped and harmless, and this simple step secures you against most SQL-related attacks. XSS attacks An XSS attack, or cross-site scripting, is basically injecting a malicious client-side script into a website.
Coding Horror: A Visual Explanation of SQL Joins I love the concept, though, so let's see if we can make it work. Assume we have the following two tables. Table A is on the left, and Table B is on the right. We'll populate them with four records each.

    Table A            Table B
    id  name           id  name
    --  ----           --  ----
    1   Pirate         1   Rutabaga
    2   Monkey         2   Pirate
    3   Ninja          3   Darth Vader
    4   Spaghetti      4   Ninja

Let's join these tables by the name field in a few different ways and see if we can get a conceptual match to those nifty Venn diagrams. There's also a cartesian product or cross join, which as far as I can tell, can't be expressed as a Venn diagram:

    SELECT * FROM TableA CROSS JOIN TableB

This joins "everything to everything", resulting in 4 x 4 = 16 rows, far more than we had in the original sets.