February 26, 2010 at 11:15 pm
Welsh Corgi (2/26/2010)
Thank you Jeff. I read your link concerning the SQL Injections. However there is a lot more to consider than what is addressed in this article.
You are a respected member of this forum but I do not appreciate the hits below the belt.
However you do not have to be so disrespectful in your replies for it is not conducive to a constructive dialogue.
You are very smart but you are also very negative and cocky...
I didn't see anything disrespectful in Jeff's posts, unless you consider being told you are wrong disrespectful. That is certainly no worse than you saying that a DBA that used dynamic SQL is reckless and irresponsible. If you are not prepared to have your opinions challenged and to defend them, then this may not be the place for you.
In any case, this is a forum that is read by many people and the forum members are usually more concerned about making sure wrong information is not left unchallenged than worrying about the feelings of the person who posted the wrong information.
February 26, 2010 at 11:17 pm
...
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
February 26, 2010 at 11:35 pm
Complete guide to posting on the forums: http://meta.wikimedia.org/wiki/Don't_be_a_dick
:laugh:
Let's move on.
Paul White
SQLPerformance.com
SQLkiwi blog
@SQL_Kiwi
February 26, 2010 at 11:37 pm
Welsh Corgi (2/26/2010)
So there are no DBAs that recognize that there are risks to Dynamic SQL? If I'm wrong then I respectfully respect that you forgive me for identifying the negatives of Dynamic SQL.
When is my War Crimes Tribunal?
🙂
Anything is a risk if you don't know what you are doing or do not implement it correctly.
I posted an example that does not have a risk of SQL injection, so saying that dynamic SQL by itself is risky is not true. If you disagree, please show how you can do a successful injection against the procedure I posted.
February 26, 2010 at 11:37 pm
So there are no DBAs that recognize that there are risks to Dynamic SQL?
If I'm wrong then I respectfully respect that you forgive me for identifying the negatives of Dynamic SQL.
We all recognize the risks of Dynamic SQL and we also take necessary care to avoid the risks. But if you have a pain in your finger, chopping your hand off is not the solution.
How to post data/code on a forum to get the best help - Jeff Moden
http://www.sqlservercentral.com/articles/Best+Practices/61537/
February 26, 2010 at 11:40 pm
Kingston Dhasian (2/26/2010)
If you have a pain in your finger, chopping your hand off is not the solution.
In fairness, it is *a* solution, just probably not optimal :laugh:
Paul White
SQLPerformance.com
SQLkiwi blog
@SQL_Kiwi
February 26, 2010 at 11:40 pm
Welsh Corgi (2/26/2010)
Jeff, have you ever been a victim of SQL Injection?
If so what hits did you take?
What actions did you take to counter this intrusion and how were you penetrated?
I can honestly say that I've never been a victim of SQL Injection. The actions to take to counter intrusions should always be taken before the attempt at penetration and I'm careful to take those actions.
--Jeff Moden
Change is inevitable... Change for the better is not.
February 26, 2010 at 11:57 pm
Paul White (2/26/2010)
--------------------------------------------------------------------------------
If you have a pain in your finger, chopping your hand off is not the solution.
In fairness, it is *a* solution, just probably not optimal
You are right actually. So the revised statement would be: If you have a pain in your finger, chopping your hand off is not the optimal solution. 🙂
How to post data/code on a forum to get the best help - Jeff Moden
http://www.sqlservercentral.com/articles/Best+Practices/61537/
February 27, 2010 at 12:03 am
Kingston Dhasian (2/26/2010)
Paul White (2/26/2010)
--------------------------------------------------------------------------------
If you have a pain in your finger, chopping your hand off is not the solution.
In fairness, it is *a* solution, just probably not optimal
You are right actually. So the revised statement would be: If you have a pain in your finger, chopping your hand off is not the optimal solution. 🙂
BWAA-HAA! "It depends" 😛
--Jeff Moden
Change is inevitable... Change for the better is not.
February 27, 2010 at 12:09 am
Kingston Dhasian (2/26/2010)
Paul White (2/26/2010)
--------------------------------------------------------------------------------
If you have a pain in your finger, chopping your hand off is not the solution.
In fairness, it is *a* solution, just probably not optimal
You are right actually. So the revised statement would be: If you have a pain in your finger, chopping your hand off is not the optimal solution. 🙂
Cutting off your head to avoid the pain is another possible solution. Again, most would consider it suboptimal.
February 27, 2010 at 12:36 am
Thank you, I appreciate your constructive feedback.
Please let me know when I'm scheduled for the war crimes tribunal.
I ask for the mercy of the Forum and for a stay of execution for I did not intend to offend anyone, I regret that I offended members of this forum, please accept my apology...
Thank you...
Your mercy petition has been accepted at least by one member (me) of the community. We have always learnt in school to Forgive and Forget. Thank you very much. :-)
How to post data/code on a forum to get the best help - Jeff Moden
http://www.sqlservercentral.com/articles/Best+Practices/61537/