Hi lá,

Deixado todos saiba as duas réguas douradas muito simples quando vem às correia-aplicações que se estão comunicando com os usuários do SQL:

1. Nunca emita cordas de texto da entrada do usuário diretamente aos usuários (backend) do SQL. Certifique-se “limpá-lo acima” primeiramente (por exemplo. nenhuns chars especiais etc.). Aceite somente a coisa que você SABE que você quer.

2. Sempre use procedimentos armazenados e chame-os com argumentos em vez de deixar o controle da tomada das cordas de texto (injeções do SQL) de seus usuários (backend) do SQL.

Furar 2 aquelas réguas fará a vida muito mais fácil para admins, consultante e guys da segurança como mim. Diga-lhe os colaboradores da companhia, os vendedores etc. do software do partido de em terceiro lugar. para furar às réguas (mesmo que devem as saber pelo coração já) - espalhe a palavra e a vida será muito mais fácil para todos nós povos bons em torno do globo

Título: Administração 2005 profissional do usuário do SQL (guias profissionais de Wrox)
Autor: Knight de Brian/Ketan Patel/Wayne Snyder/Jean-Claude Armand/Ross LoForte/Brad McGehee/Wort de Steven/Joe Salvatore/Haidong Ji
Publisher: Wrox
ISBN: 0470055200
Publicação-Data: 2006-12-06

Descrição do livro
O usuário 2005 do SQL é o pulo o maior para a frente para o usuário do SQL desde seu inception. Com este update vêm as características novas que desafiarão mesmo o usuário o mais experiente DBAs do SQL. Escrito por uma equipe de alguns dos mais melhores peritos do usuário do SQL na indústria, este tutorial detalhado mostra-lhe como navigate a paisagem vastamente mudada da administração do usuário do SQL.

Extraindo no seus próprias as experiências first-hand para oferecer-lhe as mais melhores práticas, as pontas e os truques originais, e os workarounds úteis, a ajuda dos autores você seguram mesmo as edições 2005 as mais difíceis da administração do usuário do SQL, including a obstrução e travar. O ™ll€ de Youâ aprende como fino-ajusta o ™ve do you†das perguntas escrito já, automatiza tarefas redundantes da monitoração e da manutenção, e usa ferramentas escondidas de modo que você possa rapidamente começar a excesso a curva de aprendizagem de como configurar e administrar o usuário 2005 do SQL.

O que você aprenderá deste livro

Como usar alguns dos conceitos mais avançados…

Title: Professional SQL Server 2005 CLR Programming: with Stored Procedures, Functions, Triggers, Aggregates and Types
Author: Derek Comingore / Douglas Hinson
Publisher: Wrox
ISBN: 0470054034
Pub-Date: 2006-12-11

Book Description
SQL Server 2005 offers the capability to write code in a .NET language that can be compiled and run inside SQL Server. CLR Integration, or SQL CLR, lets you create stored procedures, user-defined types, triggers, table valued functions, and aggregates using a .NET managed language. You can read and write to resources outside of SQL Server and enjoy a tighter integration with XML, web services, and simple file and logging capabilities.

Here’s the reference you’ll want on your desk as you develop SQL CLR solutions. It helps you decide whether to use SQL CLR, how to lock down security, and learn from real examples. If you want to develop stored procedures or other objects in .NET for SQL Server 2005, this book offers exactly what you need.

What you will learn from this book

The concepts and architecture of SQL CLR
Uses of .NET namespaces in SQL Server programming tasks
How to develop and benchmark routines in T-SQL and .NET to determine when CLR-based solutions are advantageous

Title: Expert SQL Server 2005 Integration Services (Programmer to Programmer)
Author: Brian Knight / Erik Veerman
Publisher: Wrox
ISBN: 0470134119
Pub-Date: 2007-05-29

Book Description
As a practical guide for Integration Services ETL development, this book shows you ways to implement your ETL solution requirements from the data to the administration and everything in-between. Each chapter begins with a review of pertinent ETL concepts and moves into working those out into a design with multiple examples and related Integration Services features with the end goal of putting it all together to get a solution.

http://www.amazon.com/exec/obidos/redirect?path=ASIN%2F0470134119
Download

TITLE : MCITP Developer: Microsoft SQL Server 2005 Data Access Design and Optimization Study Guide: Exam 70-442 (Paperback)
AUTHOR : by Marilyn Miller-White (Author), Cristian Andrei Lefter (Author)
PUBLISHER : Sybex publisher
ISBN : 0470108800
EDITION : 1st
PUB DATE : April 02, 2007
LANGUAGE : English

Get the preparation you need for exam 70-442, PRO: Designing and
Optimizing Data Access by Using Microsoft SQL Server 2005, one of two
required exams in the Microsoft MCITP: Database Developer certification
path. Your essential guide to Microsoft’s new SQL Server 2005
certification features practical and in-depth coverage, including:

- Full coverage of all exam objectives in a systematic approach, so
you can be confident you’re getting the instruction you need for the
exam.
- Practical hands-on exercises that reinforce critical skills.
- Real-world scenarios that put what you’ve learned in the context of
actual job roles.
- Challenging review questions in each chapter to prepare you for exam
day.
- Exam Essentials, a key feature at the end of each chapter that
identifies critical areas you must become proficient in before taking
exam 70-442.
- A handy tear card that maps every official exam objective to the
corresponding chapter in…

TITLE : SQL Server 2005 Bible
AUTHOR: Paul Nielsen
PUBLISHER: Wiley
ISBN: 0764542567
PUB DATE : 2006-11-06
LANGUAGE : English

Use this comprehensive tutorial and reference to increase productivity and write stored procedures using the language with which you’re most familiar. The revised content covers new features such as XML integration, Web services, the .NET Common Language Runtime (CLR), and security updates, making this book a must for any developer or database administrator transitioning to the new version of SQL Server. You’ll learn to develop SQL Server database and data connections, administer SQL Server, and keep databases performing at their peak. In addition, you’ll find dozens of specific examples in both a graphical format and as SQL code as well as numerous best practices describing the most effective way to accomplish a given task. A companion Web site provides all of the code examples found in the book.

URL: http://www.amazon.com/exec/obidos/tg/detail/-/0764542567/
Download