Microsoft have just released a couple of new security tools that might be useful, especially if you’re still running some legacy ASP applications.
- Microsoft Source Code Analyzer for SQL Injection - a static code analysis tool for finding SQL Injection vulnerabilities in ASP code
- Microsoft Urlscan Filter v3.0 Beta - a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being processed by web applications on the server.
UrlScan has been around for quite a while, so I’ll be interested to see what new features are part of v3.
Getting your code into a version control repository is relatively easy. Doing the same for your database schema has historically been a bit trickier. I think this is partly because modern databases (like Microsoft SQL Server) come with quite useable graphical interfaces, which means that you can make many significant changes without ever writing a line of SQL.
The good thing though is that all of these changes are done using SQL, so version control is usually about keeping versions of the SQL scripts.
Some common techniques include:
- One single production database and all changes are made live (be careful!)
- Make changes to dev database and then migrate the changes to production (SQL Compare is great for this)
- All schema objects are stored in scripts that need to be executed to create the database.
Creating the initial database isn't too bad, but pushing out updates can be more difficult, especially if you need to deal with updating from different possible versions.
One tool that might prove in solving this problem is DBDeploy.NET - a port to .NET of the Java-based dbDeploy.
I needed to download some files from SourceForge earlier this week, and what a pleasant surprise it was to see that Internode is now hosting the Australian mirror.
Even better, it is unmetered for Internode customers (such as myself), and means that the 4.7Tb of SourceForge files are available to download super-quick. Not that I want to download 4.7Tb all at once mind you!
After attending Sasha's talk at the Adelaide SQL Server User Group yesterday, it inspired me to get the ball rolling in preparing for my own presentation, which is pencilled in for August.
Figuring it would be appropriate to try and use as many of the "2008" products as possible, I planned to install Windows Server 2008 and then plonk Visual Studio 2008 and the just-released SQL Server 2008 on top.
I downloaded Virtual PC 2007 SP1 (which was updated to support Server 2008) and then ran the installer.
To my surprise, a dialog appeared saying "You are not running on a supported operating system".
Hang on, I'm running Windows XP with SP3. Double check the system requirements, and yes, it does list XP SP3.
Now I used to run Virtual PC just fine before I reinstalled the OS a few months ago, so what's changed?
Ah ha! I was running Windows XP Professional before, and now I'm just running XP Home - that's what's different! While it doesn't explicitly mention "Professional" on the web page, it is more specific in the installed help file:
Windows Vista™ Business; Windows Vista™ Enterprise; Windows Vista™ Ultimate; Windows Server 2003, Standard Edition; Windows Server 2003, Standard x64 Edition; Windows XP Professional; Windows XP Professional x64 Edition; or Windows XP Tablet PC Edition
But having said that, when they say "not supported", at least they don't appear to mean "doesn't work".
Release candidate zero of SQL Server 2008 is now available.
Some other interesting things that have been released recently include:
I’ve also downloaded the latest technical preview of Windows Live Writer and am using it to write this post. So far, so good.
