Database development

Timothy Smith
Before designing our security testing, we should know what types of attacks will do the most damage to our business

Security Testing Around Our Business Model and Risks

June 9, 2020 by

When we create an environment and consider our security testing from development to production and how changes are deployed throughout each environment, we want to consider what we’re protecting and how much resources we’ll devote to this protection. Every company has limited resources, so protecting against all possible threats will not be something we can achieve.

Read more »
Aveek Das
Child Function Executed

Calling an AWS Lambda function from another Lambda function

June 9, 2020 by

In this article, I am going to explain how to create an AWS Lambda function and then call this function from another Lambda function within the same region. This is a useful scenario in which we may need to execute a second lambda function based on the outcome of some previous logic. Another scenario may be to execute a second lambda function several times by using different parameters.

Read more »
Aveek Das
AWS Explorer

Getting started with AWS Toolkit for Visual Studio Code

June 8, 2020 by

In this article, I am going to explain how to start using the AWS Toolkit for Visual Studio Code to develop serverless functions locally. Serverless applications or functions gives us the ability to develop, test and execute code in the cloud without having to worry about the underlying infrastructure. These applications are scalable which means we can easily increase or decrease the resources consumed by them. AWS Toolkit for Visual Studio Code is an extension available for Visual Studio Code using which we can directly communicate with the resources on Amazon within the code editor.

Read more »
Aveek Das
Deployment Report

Exploring actions and tasks in the SQLPackage Utility

June 4, 2020 by

In this article, I am going to explain in detail about actions and tasks in the SQLPackage Utility. In my previous article, I have explained the overview of the SQLPackage utility. The SQLPackage utility is a command-line utility tool provided by Microsoft to automate SQL Server database deployments. Since this utility is cross-platform, you can easily install it on any operating system of your choice. SQLPackage actions are the types of functions that we can achieve with this utility. You can install this utility directly on any production server and it can be used as is. You can find more information about this utility and SQLPackage actions from the official documentation from Microsoft.

Read more »
Timothy Smith
We can see the option to enforce password policy when we manually create a login through the interface or selecting this option as ON when scripting logins for creation

Security Testing SQL Logins with the PWDCOMPARE function

June 3, 2020 by

In this article, we’ll look at using the built-in PWDCOMPARE function in SQL Server for security testing passwords. While this tool may seem like it exposes a weakness in Microsoft SQL Server because we can test for passwords, it should be of note that an attacker could do the same attack by attempting to login to our database server assuming the attacker was able to access a connection to it. Therefore, this function does not increase the risk of an attack on SQL Server but does help us identify possible weaknesses in our environment so that we can quickly mitigate these risks. In addition, we’ll also combine this with other related tools in SQL Server to help us with logins.

Read more »
Frank Solomon

Lever T-SQL for Pinpoint Control of ORDER BY in a Stored Procedure

June 1, 2020 by

Introduction

The T-SQL ORDER BY clause sorts SQL Server SELECT statement result sets, and it becomes important when we build stored procedures. Unfortunately, the syntax offers no flexible way to directly control the ORDER BY clause behavior with argument values. This means we don’t have an easy way to control the specific column or columns that the ORDER BY clause sorts. Additionally, SQL Server does not offer a flexible way to directly control the ascending or descending order of any ORDER BY clause column with argument values. Of course, we can certainly hard-code the ORDER BY clause in a stored procedure, but this approach becomes fixed in stone. We could try a dynamic SQL solution, involving a stored procedure code that dynamically builds and executes SQL Server statements inside a stored procedure. However, this technique becomes tricky, and it can lead to SQL injection attacks. Other techniques might rely on CASE statements, and their complexity can become overwhelming as the column count grows. This article spotlights a clean, efficient, pinpoint T-SQL stored procedure technique that directly sorts one, some, or all SELECT statement result set columns. The technique avoids dynamic SQL, and it operates directly in a stored procedure. The article also shows how to set the ascending or descending sort order of specific columns.

Read more »
Aveek Das
Download SQL Package Utility

Getting Started with the SQLPackage Utility

May 28, 2020 by

In this article, I’m going to explain in detail about the SQLPackage utility that is provided by Microsoft in order to automate database deployments. In my previous article regarding Data-Tier Applications in SQL Server, I have mentioned how to create a DACPAC and a BACPAC file from an existing SQL Server Database. The underlying technology behind creating the DACPAC and the BACPAC files is the SQLPackage utility, which helps to create those files.

Read more »
Frank Solomon
Run the DYNAMIC_ROW_NUMBER_PARTITIONS stored procedure with a T-SQL EXEC statement, and see the result set.

Lever T-SQL to dynamically define duplicate SQL Server database table rows

May 11, 2020 by

Introduction

Lever T-SQL to handle duplicate rows in SQL Server database tables article highlighted T-SQL features that detect and handle duplicate SQL Server table rows. The techniques work well, but they rely on fixed duplicate row definitions. This article extends those techniques, showing how to define duplicate rows in a dynamic way.

Read more »
Aveek Das
Export Data Tier Applications in SQL Server Management Studio

An introduction to Data-Tier applications in SQL Server

April 29, 2020 by

In this article, I’m going to introduce the data-tier applications in SQL Server. As the official documentation from Microsoft says – “Data-tier applications in SQL Server are a logical entity that can be used to develop and manage most of the SQL Server objects like tables, views, stored procedures, functions etc. as a self-contained package“. Essentially, what that means is it is a component of SQL Server, using which we can develop, build, test and deploy databases for SQL Server just like we can do for any other web or desktop applications.

Read more »