Speaking at Augusta Developer's Guild
Tomorrow night, May 28th, I'll be speaking the Augusta Developer's Guild. This is a make-up from earlier in the year...
2009-05-27
1,379 reads
Brian Kelley
- Interests: Chess, Reading, Soccer (Football), Baseball, Animals, Theology
SQL Injection - Why I Don't Think Parameterization is Enough
One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
2009-05-20
3,948 reads
Sick? Stay home!
Yesterday I did something I wouldn't have thought of doing a year ago: I stayed home. When I woke up,...
2009-05-19
843 reads
SQL Injection - Why I Don't Think Parameterization is Enough
Note:Since there have been several comments on this, I'm using parameterization at the application layer in the security sense of...
2009-05-15
2,705 reads
Rant: Is It an Effective Control or Not?
This is spurred on by a comment a pen tester made. He was referring to a particular technology and said something to the effect of, "What do you expect? It's 30 year-old technology." I was stunned when the comment was relayed to me. My response...
2009-05-13
2,363 reads
Rant: Is It an Effective Control or Not?
This is spurred on by a comment a pen tester made. He was referring to a particular technology and said...
2009-05-05
1,247 reads
Security Basics: Defense-in-Depth
In my security presentations, another basic I talk about is defense-in-depth. The idea here is to produce multiple layers of protection against a particular attack. For instance, imagine malicious code against your home computer. This is a case where...
2009-05-05
1,971 reads
A Dead Zune and Choices
Shortly after the Zune debuted, I purchased one. And I've been happy with it. It's done everything I expected out...
2009-05-04
857 reads
New Community Resource for IT Pros - Server Fault
Not too long ago the developer community got a fantastic resource called Stack Overflow. It's a question and answer site,...
2009-05-01
1,058 reads
Midlands PASS May Meeting
The Midlands PASS Chapter will be meeting next Thursday night, May 7, at Training Concepts. We have the privilege of welcoming...
2009-04-30
1,412 reads
Blogs
Another Change
By Steve Jones
Today Redgate announced that we are partnering with Bregal Sagemount, a growth-focused private equity...
Using Prompt AI to Help Setup Data Analysis
By Steve Jones
I used Claude to build an application that loaded data for me. However, there...
NVMe vs SCSI: Real-World Performance Testing for SQL Server Workloads on VMware
End-to-end NVMe vs SCSI testing over NVMe/TCP to a Pure Storage FlashArray: TPC-C and...
Forums
Simplifying WHERE Condition with LIKE test on multiple columns
Good Evening, Is there a simpler way to rearrange the following WHERE condition: [Column_1]...
Which Table I
Comments posted to this topic are about the item Which Table I
Using Python notebooks to save money in Fabric: The Fabric Modern Data Platform
Comments posted to this topic are about the item Using Python notebooks to save...
Question of the Day
Which Table I
I have this code in SQL Server 2022:
CREATE SCHEMA etl;
GO
CREATE TABLE etl.product
(
ProductID INT,
ProductName VARCHAR(100)
);
GO
INSERT etl.product
VALUES
(2, 'Bee AI Wearable');
GO
CREATE TABLE dbo.product
(
ProductID INT,
ProductName VARCHAR(100)
);
GO
INSERT dbo.product
VALUES
(1, 'Spiral College-ruled Notebook');
GO
CREATE OR ALTER PROCEDURE etl.GettheProduct
AS
BEGIN
SELECT ProductName
FROM product;
END;
GO
When I execute this code as a user whose default schema is dbo and has rights to the tables and proc, what is returned? See possible answers