Robert Hurlbut's SQL Server Blog

SQL Injection article

RHurlbut — Fri, 17 Jun 2005 17:20:00 GMT

One of my first published articles came out a few days ago in the June, 2005 issue of .NET Developers Journal. This is a security focused issue with Patrick Hynds as the guest editor and some great articles by Duane Laflotte and others.

You can see it online here.

DevTeach bound

RHurlbut — Fri, 17 Jun 2005 17:19:00 GMT

(cross-posted)

This week has been extremely busy with catching up after TechEd, getting the latest SQL Server 2005 June CTP installed on a VPC, playing with the bits, figuring out changes for demos for DevTeach, and actually trying to get some work done to compensate for all these lost billable hours. Whew!

If you are at the conference, I will be speaking on SQL Server 2005 Managed Stored Procedures, SQL Server 2005 Security, and SQL Server 2005 Service Broker. I will be driving up with Sam on early Saturday morning. I am planning on meeting some friends for the first time, plus checking out this great conference everyone has told me about. It should be fun.

Installed SQL Server 2005?

RHurlbut — Fri, 18 Mar 2005 09:20:00 GMT

(Cross-posted)

Have you tried installing SQL Server 2005 yet? If so, how did it go for you?

There is a survey the SQL Server team would like you to fill out:

The Yukon setup team is looking for feedback related to your setup and installation experience. They've setup a survey that asks for a few demographics as well as your experience and any issues with the setup of the Betas or CTPs.

They are looking for error messages as well as your impressions, so if possible, do an install and take the survey soon afterwards. Save your errors, jot some notes, etc., while installing SQL Server 2005.

If you want to help improve the setup process and spare some others the pain of problems, please take a few minutes to complete the survey. This data is very important to the survey team to capture and help improve the user experience.

I already filled out the survey -- everything was pretty smooth for me in my VPC install in an Windows XP SP2 environment. I do have some security related questions that I have posed directly to the SQL Server security team that I am hoping to get answered soon -- some "gotchas" I found that seemed odd.

As I dig into this more, I am hoping to post information on my SQL Server blog regarding SQL Server 2005 Security. Stay tuned.

Speaking at DevTeach in Montreal on SQL Server 2005

RHurlbut — Sat, 19 Feb 2005 09:10:00 GMT

(Cross-posted)

I will be speaking at DevTeach this year in Montreal, Canada on June 18-22, 2005.

My topics (so far -- waiting on a couple of other proposals, but this may be enough) are focused on various SQL Server 2005 features:

SQL Server 2005 Managed Stored Procedures

SQL Server 2005 Security

SQL Server 2005 Service Broker

This should be a fun conference and one I am looking forward to attending and speaking.

New Service Broker blogger

RHurlbut — Sun, 06 Feb 2005 10:11:00 GMT

Rushi Desai is now blogging (RSS) on SQL Server 2005 Service Broker! Rushi spent some time working with the SQL Server engine and Service Broker last year at Microsoft and has been a big help to me in the past with some early questions. Take a look at one of his first posts on Service Broker. Subscribed!

Slammer Worm still going strong

RHurlbut — Tue, 18 Jan 2005 10:31:00 GMT

This news account talks about an Australian telecommunications company that was hit by the infamous Slammer Worm. Slammer, which exploits a vulnerability in un-patched versions of Microsoft SQL Server 2000, was first detected almost two years ago. As always, don't forget to patch, and be very careful not to open old doors because “visitors” are still lurking around out there waiting to come in.

Take a look at this resource for helping to secure your SQL Server 2000 databases: SQL Server 2000 Security Tools

No excuses!

Code Camp 3 - SQL Server 2005 Security

RHurlbut — Sun, 16 Jan 2005 12:22:00 GMT

(Cross posted)

I have added another topic to the ever growing data track for the upcoming New England Code Camp 3:

SQL Server 2005 Security
This talk will focus on many of the upcoming changes in security for SQL Server 2005.

This is going to be another great conference some new speakers (that weren't there for Code Camp 1 and 2) as well as a lot more content. Interested in speaking? Follow the link above to submit your proposal!

SQL Server Service Broker news

RHurlbut — Sun, 19 Dec 2004 11:59:00 GMT

As mentioned by Bob Beauchemin, there was a great night of Service Broker last week as part of the Guerilla SQL Server 2005. Dan Sullivan presented "Night of the Service Broker" with members of the SQL Server Service Broker team. Sounds like a fun opportunity to talk about one my favorite current topics!

As Bob also mentions, a new SQL Server Service Broker Developer Spot was created by Dan. According to Bob:

The site will host discussion forums, articles, tutorials, and also host cooperative development of some interesting service broker apps. It's open now, and they'll be sample applications (including the Service Broker client object model, courtesy of the team) up there shortly.

Sounds great! I have already created an account. Take a look, as I am sure this will evolve into a great resource!

HDC 2004 Slides and Demos

RHurlbut — Sun, 05 Dec 2004 13:43:00 GMT

I have posted my presentation and demo code from the SQL Server 2005 Service Broker talk I gave at the Heartland Developers Conference 2004 in Des Moines, Iowa on December 3. You can get them from these links:

HDC2004_SQLServer2005ServiceBroker.pdf
HDC2004_SQLServer2005ServiceBroker.zip

I posted more information about the conference on my other blog.

Speaking on SQL Server 2005 Service Broker at HDC 2004

RHurlbut — Wed, 24 Nov 2004 10:49:00 GMT

I will be speaking next week on SQL Server 2005 Service Broker at the Heartland Developers Conference in Des Moines, Iowa on December 3, as I did at Code Camp II in October. At the time, I didn't have as much time to play with the bits, but I have since, and I still feel the same -- I love this new feature for SQL Server! I am putting together some articles after my talk next week to be featured in a few locations. Stay tuned.

By the way, you probably have already heard about the great series of webcasts on SQL Server 2005 planned for December. On Wednesday, December 8, there will be a webcast on “Introducing Service Broker in SQL Server 2005—Level 200”. Mark your calendars.

SQL PASS write up

RHurlbut — Tue, 05 Oct 2004 14:26:00 GMT

Check out the write up of the events at SQL PASS this year [by way of Julie Lerman].

Speaking at Code Camp II on SQL Server 2005 Service Broker

RHurlbut — Wed, 22 Sep 2004 16:00:00 GMT

I have been spending some time with this new technology for awhile. Apart from my interest in the CLR as hosted in SQL Server 2005, Service Broker is one of the most interesting new technologies to come along. As cross-posted on my other blog:

SQL Server 2005 Service Broker (presentation)

Service Broker is a framework built into SQL Service 2005 that greatly simplifies the creation of reliable, scalable, message-based, asynchronous, distributed database application. A service broker can manage business transactions, which in practice can last for hours, days or indefinitely and span databases. A Service Broker application consists of a set of services, queues, message formats, and dynamically created conversation. Any application that can make a connection to SQL Server or a web service can make use of a Service Broker application. This session will cover the basics of Service Broker and show the implementation of a Service Broker application.

This will be in addition to other topics I will be presenting at Code Camp II.

Speaking at CodeCamp II on SQL Server Security

RHurlbut — Thu, 26 Aug 2004 14:20:00 GMT

If you are in the New England area in October, I will be speaking at CodeCamp II in Waltham, MA at the Microsoft offices. That will take place on the weekend of October 16-17, one week before WIN-DEV 2004.

My database topic (I have a couple of others related to .NET secure development) is:

SQL Server Security (Data Track -- Level 300)

This talk will demonstrate steps and techniques to insure a freshly installed SQL Server database is secure. I will also demonstrate best practices to permit client applications to access SQL Server securely, prevent SQL Injection, and to effectively audit and implement an intrusion detection plan.

I also noticed Kent Tegels will be there speaking on couple of SQL Server 2005 Express topics that weekend. Don't miss it!

Kimberly Tripp on .NET Rocks

RHurlbut — Mon, 02 Aug 2004 16:41:00 GMT

Kimberly Tripp, SQL Server guru and MVP, was on .NET Rocks last week. The show is available for download here.

A brief description:

Kimberly Tripp offers critical insights into SQL Server 2000 addressing Indexing, optimizing procedural code, the nightmare of row-based operations, and more. This show is 2.5 hours long!

SQL Server Express installation and blog

RHurlbut — Thu, 01 Jul 2004 14:33:00 GMT

Like others, I have also installed the new SQL Server 2005 Express version found here: http://lab.msdn.microsoft.com/express/sql/. So far, I like what I see. I will report more as I do some testing (and playing -) ).

There is also a new blog available from the SQL Server Express team (subscribe to the RSS).

They already have a post about the differences between SQL Server Express and MSDE.