Viewing 15 posts - 31 through 45 (of 813 total)
In addition to what Jeff said, check with your regulatory compliance or legal department(s) and ask them if the logs have to be considered "unalterable", which limits your storage options...
June 22, 2015 at 9:35 am
This explicitly facilitates SQL Injection, and second order SQL injection at that; it doesn't have to be a web page that does it.
Little Bobby Tables would also cause the students...
June 22, 2015 at 9:27 am
Jeff Moden (6/18/2015)
...if you can't prove it with code, there is no argument.
...
I believe that part of proving it with code is having valid, reliable measurements. Another part...
June 19, 2015 at 8:29 am
Jeff Moden (6/17/2015)
June 17, 2015 at 9:59 am
I have to amend my answer!
There is, in fact, a PBKDF2 implementation on SQL Server - even PBKDF2-HMAC-SHA-512 (modifiable for SHA1 if required):
https://stackoverflow.com/questions/7837547/is-there-a-sql-implementation-of-pbkdf2
Both the SHA-512 and the SQL 2008 compliant...
June 9, 2015 at 2:30 pm
What does the business care about?
Response time?
Accuracy?
Safe nimbleness/agility (i.e. changes don't break existing code, like column adds)?
First you must mean the same thing as the developers when speaking...
May 19, 2015 at 8:55 am
butcherking13 (5/19/2015)
I'm curious about two...
May 19, 2015 at 8:42 am
You first.
:Whistling:
I have to wait for SP1 CU1 anyway - SP1 only goes up to 2014 RTM CU5.
May 19, 2015 at 8:38 am
I would generally recommend at least a glance at the following page:
Isolation Levels in the Database Engine
due to the very simple table, which boils down to:
Level ...
March 10, 2015 at 4:34 pm
First, note that EU privacy laws are generally very different from those in other parts of the world.
I'd have to say that I'm entirely in favor; just because...
December 18, 2014 at 8:46 am
I'd ask why they want it, in terms like "What operations are you trying to do that you can't" and "Please send me a screenshot that includes the error message".
Then...
December 12, 2014 at 10:57 am
If you have high minimum performance requirements (it must always be at least this fast), then go back to your SAN admin with that and discuss dedicated storage.
If you do...
December 12, 2014 at 10:51 am
Brandie, good points on SOX (and, I suspect, PCI-DSS) password change requirements. Note that there may, or may not, be differing requirements for passwords that any human knows and...
December 3, 2014 at 8:49 am
100% agree: No user should know any other user's account. Ideally, when I have to reset or set up a user's password (certainly with developers), which is very rare...
November 25, 2014 at 9:04 am
I'd say my answers today are pretty similar to what they were in 2009 when this article was originally posted.
The main issue I see with consolidation of any type is...
November 25, 2014 at 8:42 am
Viewing 15 posts - 31 through 45 (of 813 total)