May 2, 2016 at 8:03 am
This thread has gotten so out of hand.
Can't we just have fun once in a while ? Being serious 100 % time - bleh !
I am curious to see how much lower this can go.:cool:
May 2, 2016 at 8:17 am
Sioban Krzywicki (4/29/2016)
Eric M Russell (4/29/2016)
If you really want, you can also model an entire database containing objects with only spaces for names.create database [ ];
GO
use [ ];
GO
create schema [ ];
GO
create table [ ].[ ]
(
[ ] int
);
GO
create proc [ ] as
select * from [ ].[ ];
GO
:crazy:
Nice! I'll have to try this sometime.
You forgot to define a type.
create database [ ];
GO
use [ ];
GO
CREATE TYPE [ ] FROM varchar(MAX);
GO
create schema [ ];
GO
create table [ ].[ ]
(
[ ] [ ]
);
GO
create proc [ ] as
select * from [ ].[ ];
GO
EXEC [ ];
EXEC sp_help '[ ].[ ]';
GO
USE master;
DROP DATABASE [ ];
May 2, 2016 at 8:23 am
Luis C.
Could not repress a smile when I saw you dropping the bloody database at the end ...:-)
May 2, 2016 at 8:36 am
j-1064772 (5/2/2016)
Luis C.Could not repress a smile when I saw you dropping the bloody database at the end ...:-)
I wouldn't want to keep that. I might actually use it for something serious. :hehe:
May 2, 2016 at 4:25 pm
Luis Cazares (5/2/2016)
Sioban Krzywicki (4/29/2016)
Eric M Russell (4/29/2016)
If you really want, you can also model an entire database containing objects with only spaces for names.create database [ ];
GO
use [ ];
GO
create schema [ ];
GO
create table [ ].[ ]
(
[ ] int
);
GO
create proc [ ] as
select * from [ ].[ ];
GO
:crazy:
Nice! I'll have to try this sometime.
You forgot to define a type.
create database [ ];
GO
use [ ];
GO
CREATE TYPE [ ] FROM varchar(MAX);
GO
create schema [ ];
GO
create table [ ].[ ]
(
[ ] [ ]
);
GO
create proc [ ] as
select * from [ ].[ ];
GO
EXEC [ ];
EXEC sp_help '[ ].[ ]';
GO
USE master;
DROP DATABASE [ ];
I used to do things like this wat back in "olden days". 🙂
But I preferred using TAB instead of SPACE.
And you know what?
Enterprise Manager and Query Analyzer (for those who can't remember - SQL Server 2000 tools) both were working correctly with such tables, allowing me to add, edit, delete records with no issues.
Which allowed me to play jokes on ".Net developers with SQL experience".
Thier pathetic Visual Studio simply not do anything with such objects.
As soon as SQL 2005 was out the fun was over.
SSMS, just like VS, could not work correctly with tables having this kind of characters in their names.
Out of curiosity I've just created a table named [TAB] (single character).
This time I was using SQL 2012 SSMS.
On attempt to add a row I've got an error message:
No row was updated
The data in row NN was not committed.
Error Source: Microsoft.SqlServer.Management.Tools
Error Message: Specified argument was out of the range of valid values.
Parameter name: identifier.
Funny that the row was actually committed.
The error message is an error by itself.
SQL Server engine was able to process the request correctly (this part was not "improved" by MS), but newer MS tools simply could not follow.
_____________
Code for TallyGenerator
June 15, 2016 at 9:49 am
Sioban Krzywicki (4/28/2016)
I keep trying to convince people that the most secure database would be one where they can't use alphanumeric table and column names. I created one that's all pipes like
CREATE TABLE +-- (+-¦ int,
??? varchar(100)
)
I think it'd be better than reserved words.
You might even be able to write the stored procs in LOLCODE https://en.wikipedia.org/wiki/LOLCODE
There's a .NET compiler for it so presumably its possible.
June 15, 2016 at 9:58 am
"... I keep trying to convince people that the most secure database would be one where they can't use alphanumeric table and column names. I created one that's all pipes like ... "
A determined attacker will get through this and will be temporarily annoyed. However, the bona fide developers / DBA's in charge of this will be feeling the pain for the duration of the entire life cycle of this. Even after the clever person who designed the pipe names is long gone.
I did not even bother to try if SSRS or other reporting tools can effectively handle this. Even if they do, you have also imposed misery upon the hapless contents programmers.
I just pursued this thread out of curiousity, to see how low it could get. Definitely not for how to turn an ill-protected database server/ database into an obscured unsecured database.
June 15, 2016 at 10:33 am
j-1064772 (6/15/2016)
"... I keep trying to convince people that the most secure database would be one where they can't use alphanumeric table and column names. I created one that's all pipes like ... "A determined attacker will get through this and will be temporarily annoyed. However, the bona fide developers / DBA's in charge of this will be feeling the pain for the duration of the entire life cycle of this. Even after the clever person who designed the pipe names is long gone.
I did not even bother to try if SSRS or other reporting tools can effectively handle this. Even if they do, you have also imposed misery upon the hapless contents programmers.
I just pursued this thread out of curiousity, to see how low it could get. Definitely not for how to turn an ill-protected database server/ database into an obscured unsecured database.
I'm terribly sorry you thought this was serious. It was meant to be funny & demonstrate some things you can do with SQL Server that not a lot of people think about.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
June 15, 2016 at 11:22 am
Obviously, I did miss the intended sarcasm. In turn implying it was considered seriously.
Sorry.
Viewing 9 posts - 31 through 38 (of 38 total)
You must be logged in to reply to this topic. Login to reply