THE SQL Server Blog Spot on the Web

Welcome to - The SQL Server blog spot on the web Sign in | |
in Search

Richard Hundhausen: The DBAgilist

This is a mirror of Richard Hundhausen's (aka The DBAgilist) blog "Tales from the Doghouse."

March 2007 - Posts

  • Any SQL Injectors out there?

    SQL Injection attacks are a well know exploit of insecure database systems. If you don't know about SQL Injection, you can change that by visiting Wikipedia.

    If you feel like injecting some SQL into your site, you should visit the SQL Injection Cheat Sheet page for all of the approaches. As the author mentions, only MySQL, Microsoft SQL Server, (some) ORACLE, and (some) PostgreSQL are supported and that most of the samples are not correct for every situation.

    Happy hacking!

  • Congratulations to the DBPro team (and Scott Ambler)

    I'm a bit late to the party, but I wanted to recognize a couple of cool 2007 Jolt Award winners ...

    In fact, here are all the winners.

  • A flurry of VSTS announcements

    I've been in Orlando this week, speaking at SQL Connections and have been derelict in my blogging duties, especially with regard to VSTS.

    • Microsoft announced on Monday that they had acquired DevBiz (the company that produces TeamPlain), which has been the leader in browser-based access to Team Foundation Server, further boosting cross-platform access (and adoption). TeamPlain Web Access also enables a peripheral team member to browse project information and manipulate work items, source code, etc. I believe the new, official name will become "Microsoft Visual Studio Team System Web Access" (another mouthful). This acquisition also means that we will get to use TeamPlain for FREE (assuming we have a proper client access license for TFS). Read more about the acquisition on Brian Harry's blog and Microsoft PressPass.

    • Microsoft published their Visual Studio Team System "Future Releases" roadmap, even beyond Orcas. So now, we can all speak the words "Rosario" in public. Rosario is the codename for the version of VSTS beyond Orcas. The roadmap is very thorough, even listing service packs and power tools, so you know exactly what delivery vehicle your feature or fix will be arriving in.

    • Gert Drapers (the data dude) announced Service Release (SR) 1 for VSTS Edition for Database Professionals. He says that it's "in the works" and will be published sometime in Q2 of 2007 (let's hope April). He lists a few of the fixes and features that will be in the SR in a recent blog posting.

    • Yesterday, Microsoft announced that unit testing will become a feature of the Professional edition of Visual Studio Orcas. This has been a passionately-requested feature by everyone in the world not running Dev, Test, or Team Suite editions. Finally, everyone who has Professional edition and up will be able to write and run unit tests. What about code coverage, that's still a question.

    • The Patterns and Practices team has released updated prescriptive guidance on VSTS. JD Meiers lists many of the improvements on a blog post and you can find the guidance itself on CodePlex.

    • Speaking of guidance, Microsoft recently published a 40-page branching guidance document which does a very good job of explaing branching and merging strategies for various size teams.
  • Next "Ask An Expert" Live chat - April 19, 2007

    The next Ask An Expert Live Chat is scheduled for Thursday, April 19, 2007 at 12:00 PM PDT. 
    Mark your calendars (or click this ICS link). For more information, visit Microsoft Technical Chats.

  • SqlSpec from Elsasoft

    We all have our favorite database structure generator or schema reporting tool. Maybe we have built one of them in the past. I always tell my clients that it's a great "first application" to build when learning SQL Management Objects (SMO).

    I just found out about SqlSpec.

    SqlSpec generates documentation in two formats: HTML or CHM. I particularly like the CHM format, especially when you want a single, compact file containing all your documentation about one or more databases. The CHM is indexed so it is easily searchable for any keyword. If you visit their Samples page, you can see what these CHM files look like.

    Naturally, SqlSpec supports SQL Server and Analysis Services, but also other legacy databases like Oracle, MySQL, and Access. It's $149 and they have a free trial version.

    Pretty slick.

  • Using the ReportViewer control in .NET 2.0?

    One of the coolest controls that Visual Studio 2005 includes is the report design and view functionality of the ReportViewer controls. What used to be a server-only function, .RDL (now .RDLC) files can be rendered client-side by Web or Windows applications with this control. Reports can contain tabular, aggregated, and multidimensional data.

    Thanks to Peter Myers for pointing me to this site to answer all of my (and your) questions and help unlock the hidden potential of the ReportViewer control.

This Blog


Privacy Statement