September 2004

Data Security: Stop SQL Injection Attacks Before They Stop You

To execute a SQL injection attack, a hacker writes a Web page that captures text in a textbox to be used to execute a query against a database. The hacker enters a malformed SQL statement into the textbox that causes the back-end database to perform operations the owners did not intend it to perform, like making unauthorized updates. This article explains how you can protect against the all-too-common SQL injection attack in your own database. The steps covered include data validation, proper exception handling, and much more. Paul Litwin

SQL Server 2005: Unearth the New Data Mining Features of Analysis Services 2005

In SQL Server 2005 Analysis Services you'll find new algorithms, enhancements to existing algorithms, and more than a dozen added visualizations to help you get a handle on your data relationships. Plus, enhancements to the Data Mining Extensions to SQL along with OLAP, DTS, and Reporting Services integration make it possible to create a new breed of intelligent apps with embedded data mining technology. Here the author explains it all. Jamie MacLennan

Express Editions: Get a Lean, Mean Dev Machine with the Express Editions of Visual Basic and SQL Server 2005

The Express Editions of Visual Basic and SQL Server 2005 have lots of the features of the full-sized versions, but with a lot less of the overhead. Professional developer features such as full IntelliSense support, local debugger, Add Web Reference, and the improved Visual Data Tools will all be available in the Express products, so you don't have to leave your favorite features behind. In this article the author introduces you to these express editions and builds a sample app to get you started. Brian A. Randell

Data Deployment: Streamline Your Database Setup Process with a Custom Installer

Database setup can be a tough and time-consuming process and sometimes fall victim to human error. Microsoft Installer or InstallShield can help, as can your own custom installer. In this article, the author tackles one approach to writing database installers and demonstrates the process with a working code sample. Alek Davis

Design Patterns: Simplify Distributed System Design Using the Command Pattern, MSMQ, and .NET

Service-oriented architecture is a great framework when you need to perform distributed computing tasks over the Internet. But when you want to perform processing inside your local network, a different solution may provide a better fit. That solution, based on the Command pattern, uses Windows services and Microsoft Message Queuing to implement a queued system that meets your needs better than a service-oriented solution. This article explains how to build it. Brad King

Code Download (944 KB)
.Chm Files

Columns

Editor's Note: Camp MSDN Magazine
Welcome back to the autumn term! We hope you had a great summer. We've been hard at work roasting marshmallows, making gimp bracelets, and learning how to make a baked brie using only twigs and berries.
New Stuff: Resources for Your Developer Toolbox
MimarSinan International has released InstallAware Professional Edition, which generates script-driven, Web-based Windows® Installer setups with customized user interfaces. Installations run on all existing Win32® platforms and do not require the . Theresa W. Carey
Web Q&A: Caching Transforms, Connection Sharing, and More
Edited by Nancy Michell
Data Points: Handling Data Concurrency Using ADO.NET
One of the key features of the ADO.NET DataSet is that it can be a self-contained and disconnected data store. It can contain the schema and data from several rowsets in DataTable objects as well as information about how to relate the DataTable objects—all in memory. John Papa
Test Run: Automate Testing of Your Stored Procs
Many Windows®-based applications have a SQL Server™ back-end component that contains stored procedures. Although techniques to automatically test functions in the front-end code are well known, the techniques to write test automation for stored procedures are not. James McCaffrey
Advanced Basics: Being Generic Ain't So Bad
I speak at a lot of user groups and conferences where I field tech support questions. Recently, a conference attendee (I'll call him Adam) came up to me with a sheaf of printouts, along with the following question. Ken Getz
Cutting Edge: Design Smarter Tracing for ASP.NET Pages
Tracing is important to the success of your ASP.NET applications. When tracing is enabled for an ASP.NET page, a large chunk of runtime information is appended to the page's output for your perusal. Dino Esposito
The ASP Column: What's in ASP.NET Config Files?
Even though you've been using ASP.NET for a while, how much do you really know about ASP.NET configuration files? While you've probably touched the Web.config file from time to time, there are some nuances involved in configuring ASP. George Shepherd
Basic Instincts: Thread Synchronization
My last three Basic Instincts columns have examined techniques for using asynchronous delegates and creating secondary threads. Those columns demonstrated how to introduce multithreaded behavior into your applications. Ted Pattison
Bugslayer: Three Vital FXCop Rules
In the June 2004 installment of the Bugslayer column, I introduced the amazing FxCop, which analyzes your .NET assemblies for errors and problems based on code that violates the .NET Design Guidelines. John Robbins
C++ Q&A: Performance Monitoring, Managed Extensions, and Lock Toolbars
In the June 2004 issue of MSDN® Magazine, I described a class called ShowTime that you can use to do simple performance monitoring for your app. ShowTime uses its constructor/destructor to record the start/stop times of its existence so you can instantiate it in a block of code like so: { ShowTime st(_T("Total time is:")); // some lengthy operation }. Paul DiLascia
{End Bracket}: Tune in to Channel 9
If you fly United Airlines, you can hear what's going on in the cockpit by turning the radio dial to Channel 9. Now if you want to get inside the head of Microsoft you can tune to Channel 9 on the MSDN Web site (see https://channel9.