October 10, 2017 at 12:58 pm
Luis Cazares - Tuesday, October 10, 2017 12:19 PM
Thom A - Tuesday, October 10, 2017 11:45 AM
Jeff Moden - Tuesday, October 10, 2017 11:14 AM
Steve Jones - SSC Editor - Tuesday, October 10, 2017 8:27 AM
This was interesting. CSV Injection: http://georgemauer.net/2017/10/07/csv-injection.html
Wow! Just ... WOW! Thanks for posting that.
I had a go at this with the calc injection. Excel did warn me, which is good, and I therefore had the option for it not to happen. I wonder, however, what might happen in different environments. I can imagine Excel 2007 not being as clever.
Are people still using Office 2007?
Holy ____!!!! Steve, thank you very much for posting this. Wow! It looks like I'm going to have some work to do.
October 10, 2017 at 4:03 pm
It's not that alarming, but it is interesting. Especially if you export from your db for import into Excel. The issue is a 2nd level injection, potentially running code that could cause an issue by putting values in the db that get exported to Excel.
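The second-level path described above (values stored in the database, later exported to CSV and opened in Excel), as an added example that is not part of the original post: a Python export routine that neutralizes cells a spreadsheet would evaluate. The table, column names and sample rows are constructed for illustration, and the in-memory SQLite database stands in for the real source.

```python
import csv
import io
import re
import sqlite3

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def neutralize_cell(value):
    """Return a value that a spreadsheet will read as text, not evaluate."""
    if value is None:
        return ""
    if not isinstance(value, str):
        return value                      # ints/floats from the DB are not formulas
    if PLAIN_NUMBER.fullmatch(value):
        return value                      # "-5" or "+3.2" stored as text: just a number
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value                # leading apostrophe: cell is read as text
    return value


def export_csv(conn, query):
    """Run a query and return CSV text with every cell neutralized and quoted."""
    cur = conn.execute(query)
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow([col[0] for col in cur.description])
    for row in cur:
        writer.writerow([neutralize_cell(v) for v in row])
    return out.getvalue()


def demo():
    # Constructed sample data: user-supplied text stored in the database earlier.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE feedback (id INTEGER, author TEXT, comment TEXT)")
    conn.executemany(
        "INSERT INTO feedback VALUES (?, ?, ?)",
        [
            (1, "alice", "Great article"),
            (2, "bob", "=1+1"),                # would be evaluated on open
            (3, "carol", "+44 20 7946 0000"),  # phone number, also starts with a trigger
            (4, "dave", "-5"),                 # plain negative number kept as-is
        ],
    )
    return export_csv(conn, "SELECT id, author, comment FROM feedback ORDER BY id")
```

The apostrophe prefix changes the exported value, so apply it only in the export path meant for spreadsheet users and keep the stored data untouched.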
October 11, 2017 at 1:42 am
Luis Cazares - Tuesday, October 10, 2017 12:19 PM
Thom A - Tuesday, October 10, 2017 11:45 AM
Jeff Moden - Tuesday, October 10, 2017 11:14 AM
Steve Jones - SSC Editor - Tuesday, October 10, 2017 8:27 AM
This was interesting. CSV Injection: http://georgemauer.net/2017/10/07/csv-injection.html
Wow! Just ... WOW! Thanks for posting that.
I had a go at this with the calc injection. Excel did warn me, which is good, and I therefore had the option for it not to happen. I wonder, however, what might happen in different environments. I can imagine Excel 2007 not being as clever.
Are people still using Office 2007?
People are still running SQL Server 2000 and Windows XP. Wouldn't surprise me if people are still using Office 2007.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
October 11, 2017 at 5:13 am
Thom A - Wednesday, October 11, 2017 1:42 AM
Luis Cazares - Tuesday, October 10, 2017 12:19 PM
Thom A - Tuesday, October 10, 2017 11:45 AM
Jeff Moden - Tuesday, October 10, 2017 11:14 AM
Steve Jones - SSC Editor - Tuesday, October 10, 2017 8:27 AM
This was interesting. CSV Injection: http://georgemauer.net/2017/10/07/csv-injection.html
Wow! Just ... WOW! Thanks for posting that.
I had a go at this with the calc injection. Excel did warn me, which is good, and I therefore had the option for it not to happen. I wonder, however, what might happen in different environments. I can imagine Excel 2007 not being as clever.
Are people still using Office 2007?
People are still running SQL Server 2000 and Windows XP. Wouldn't surprise me if people are still using Office 2007.
Many have moved, but I do know of one company that's using Office 2003. Thankfully, I don't work there. 😛
October 11, 2017 at 6:30 am
Ed Wagner - Wednesday, October 11, 2017 5:13 AM
Thom A - Wednesday, October 11, 2017 1:42 AM
People are still running SQL Server 2000 and Windows XP. Wouldn't surprise me if people are still using Office 2007.
Many have moved, but I do know of one company that's using Office 2003. Thankfully, I don't work there. 😛
I would think that staying that far behind requires more work than an actual migration. At least for workstations.
October 12, 2017 at 5:23 am
Thom A - Wednesday, October 11, 2017 1:42 AM
Luis Cazares - Tuesday, October 10, 2017 12:19 PM
Thom A - Tuesday, October 10, 2017 11:45 AM
Jeff Moden - Tuesday, October 10, 2017 11:14 AM
Steve Jones - SSC Editor - Tuesday, October 10, 2017 8:27 AM
This was interesting. CSV Injection: http://georgemauer.net/2017/10/07/csv-injection.html
Wow! Just ... WOW! Thanks for posting that.
I had a go at this with the calc injection. Excel did warn me, which is good, and I therefore had the option for it not to happen. I wonder, however, what might happen in different environments. I can imagine Excel 2007 not being as clever.
Are people still using Office 2007?
People are still running SQL Server 2000 and Windows XP. Wouldn't surprise me if people are still using Office 2007.
I was talking with a friend at the last SQLBits - he's still got some servers running SQL 6.5
Thomas Rushton
blog: https://thelonedba.wordpress.com
October 12, 2017 at 6:24 am
That's a handy little node Microsoft have added to SSMS (17.3). They've put "XE profiler" at the bottom of the objects for a server. Effectively does the job of profiler via Extended Events (but obviously isn't using profiler). A nice little feature, and much easier to use than having to create an Extended Events for something you don't already have set up (and don't need long term so remove afterwards).
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
October 12, 2017 at 9:18 am
October 12, 2017 at 9:23 am
SSC has been very laggy for me in the last couple of days. Anyone else experiencing that?
The absence of evidence is not evidence of absence.
Martin Rees
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
October 12, 2017 at 9:29 am
Phil Parkin - Thursday, October 12, 2017 9:23 AM
SSC has been very laggy for me in the last couple of days. Anyone else experiencing that?
Yep. Around lunch time (BST) it wouldn't even load the forums. Doesn't seem to affect the main site though, only the forums.
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
October 12, 2017 at 9:49 am
Yeah, sporadic for me. I wonder if we have a noisy neighbor. I did ask the devs to dig in. There was a regex change, I'm logging a ticket to see if that's an issue.
Our IT head added some VM resources (CPU/RAM) to the system. I've noticed some slowness for admin stuff when the site seems to work, and vice versa. Strange for sure.
October 12, 2017 at 10:21 am
Thom A - Thursday, October 12, 2017 9:29 AM
Phil Parkin - Thursday, October 12, 2017 9:23 AM
SSC has been very laggy for me in the last couple of days. Anyone else experiencing that?
Yep. Around lunch time (BST) it wouldn't even load the forums. Doesn't seem to affect the main site though, only the forums.
Maybe the underlying database needs some performance tuning😀
😎
October 12, 2017 at 11:17 am
Steve Jones - SSC Editor - Thursday, October 12, 2017 9:49 AM
Yeah, sporadic for me. I wonder if we have a noisy neighbor. I did ask the devs to dig in. There was a regex change, I'm logging a ticket to see if that's an issue.
Our IT head added some VM resources (CPU/RAM) to the system. I've noticed some slowness for admin stuff when the site seems to work, and vice versa. Strange for sure.
Sometimes for me as well, but not all the time. Thanks, Phil. I'm glad someone else noticed and it wasn't just me.
October 12, 2017 at 11:24 am
Things need tuning for sure, though this is a third party app, so @#%$!@#%$%#$
Am going to try and find time to tune this next year and submit PRs to the vendor for inclusion in their updates. Need to let one patch go through this fall and then work on cleaning things up.
October 12, 2017 at 11:29 am
Eirikur Eiriksson - Thursday, October 12, 2017 10:21 AM
Thom A - Thursday, October 12, 2017 9:29 AM
Phil Parkin - Thursday, October 12, 2017 9:23 AM
SSC has been very laggy for me in the last couple of days. Anyone else experiencing that?
Yep. Around lunch time (BST) it wouldn't even load the forums. Doesn't seem to affect the main site though, only the forums.
Maybe the underlying database needs some performance tuning😀
😎
If I recall, isn't SSC still on SQL Server 2008? :hehe:
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk