|
-
Starting with the Specs: Building Solid Code Review Procedure
Date: 05/06/11
(SQL Server) Keywords: database, security
In our last entry, we introduced the concept of code review procedures. Our first topic to consider in this life cycle is for the developer to take some time to understand the Business Requirements and Functional context. These two critical tasks should in a perfect world be understood by all DBAs in the SDLC of database code, but the developer has a unique opportunity to let his/her code communicate these requirements and context through coding best practices and adequate documentation. Some items a developer, or a peer, can look for in performing these 2 steps are the following:
Satisfying Business Requirements & Functional Context
- Has a knowledgeable user been consulted during the planning/architecture phase of code creation?
- Did the architect make specifications for future growth and change needs of the application?
- Has the developer reviewed the business requirements?
- Do the developer and the business have the same understanding for required performance of the application?
- Does the reviewer understand the code being reviewed?
- Does your code adhere to corporate coding specifications? (Yes, this is a business requirement, too.)
- At what layer in your business environment does the code execute?
- Does the piece of code functionally achieve the stakeholder's need as documented in the project charter?
- What is the data size and volume worked with in this code?
- What are the data archival requirements?
- Have company security policies been complied with?
- How will the application or change be installed and configured?
- By what method will the development team preserve and version the code and objects affected?
( Thanks to adina_atl for assisting with the checklist )
Source: http://sqlserver.livejournal.com/74884.html
-
Building Solid Code Review Procedures
Date: 04/18/11
(SQL Server) Keywords: security
Does your organization use any code review procedures when promoting code from Development through to Production? If you work for a publicly-held corporation, you know this all too well. If you work for a privately-held company, you can benefit from this procedure as well. Whether you are a developer wanting to make sure all your i's are dotted and all your t's are crossed, or a DBA in operations getting ready to deploy new code, solid code review procedures can really save your butt from major mistakes that can cost you hours of work.
First, let's get a general idea of what a code review life cycle will look like and who is generally involved.
- Unit Test - Validate Business Requirements and Functional Context
- Unit Test - Validate Syntax, Entry and Exit points
- Unit Test & QA - Consistency - Perform Version Control & Transactional Analysis
- QA & Prod - Security - Permissions, Back-out and Error Handling
- QA & Prod - Performance - Validate Memory Usage, Thread Usage and Control Structure usage
- Prod - Documentation - Is there a header, change log, and comments? Are deployment instructions required and included?
Source: http://sqlserver.livejournal.com/74700.html
-
Need a hack for changing default db
Date: 11/08/10
(SQL Server) Keywords: database, security
I have a user who locked himself out of a database because his default db went into suspect mode. His security policy was nice enough to bar anyone in the Windows Administrators group from logging in to the db. He says he can't remember the two passwords for the administrative logins currently assigned to System Administrator role on the server. Any hope here? I think he's screwed, personally.
Source: http://sqlserver.livejournal.com/72656.html
-
SQL Server 2005 - Implement account or IP validation using LOGON TRIGGER
Date: 11/18/09
(SQL Server) Keywords: asp, sql, security, web, microsoft
http://technet.microsoft.com/en-us/sqlserver/dd353197.aspx
Has anyone implemented security using the LOGON TRIGGER that came out with SQL Server 2005 SP2?
I'm just curious if anyone has set up this feature to protect their SQL Server from attack through their web servers.
Source: http://sqlserver.livejournal.com/71849.html
-
Multiple web.config files ?
Date: 03/31/08
(Asp Dot Net) Keywords: asp, security, web
I have content that I only want authorized users to see and then content that I want joe public to be able to view.
I found this article that suggests having two web.config files. So the authorized user content would be in a separate folder with its own web.config file: http://www.asp.net/learn/security/tutorial-07-vb.aspx
Is that how you would do it? (There's no date on the article so I didn't know if this was the latest thinking.)
Thanks :)
Source: http://aspdotnet.livejournal.com/97434.html
-
Symantec may violate Linux GPL in Norton Core Router
Date: 04/05/18
(Open Source) Keywords: security, linux
A top Linux security programmer, Matthew Garrett, has discovered Linux in Symantec's Norton Core Router. It appears Symantec has violated the GPL by not releasing its router's source code.
Source: https://www.zdnet.com/article/symantec-may-violate-linux-gpl-in-norton-core-router/#ftag=RSSbaffb68
-
graphics are off slightly everywhere
Date: 04/05/12
(Computer Help) Keywords: security
My computer information:
Intel Core i5 CPU 750 2.67ghz x4 8 gigs ram Windows 7 64 bit ATI Radeon HD 4600 series(graphics card)
So I'm not sure what exactly is going on. I tried playing Civ 5 today and the graphics were a bit off. SWTOR's graphics were also off. Plus my desktop display is slightly bigger than it should be. Text seems a bit off in various things as well. And videos viewed on Netflix are less clear. This happened today. I haven't downloaded any files or changed any settings. Not 100% sure if anything updated, but maybe Adobe Flash Player? But would that affect everything else? I mention this because under control panel - system and security Adobe Flash Player is labeled 32bit, not 64bit which my computer is running. Under control panel - system and security - system, the information says it's running a 64 bit operating system. Shrug.
So far I've tried adjusting the resolution, restarting my computer, reinstalling the graphics card drivers, and uninstalling the graphics card drivers and reinstalling them. This obviously has not worked. The drivers are the latest available.
Is there a way for the computer to auto-detect the best settings for your computer (in case mine somehow got off)? Maybe a program I can download to do this or something that already comes with the operating system? Any other suggestions or ideas?
Source: https://computer-help.livejournal.com/1027331.html
-
I have an odd request
Date: 06/29/11
(Computer Help) Keywords: security
x-posted to computerhelp
I recently battled the Internet Security malware -- twice. I won, but I lost some files in the process. They weren't important files. They weren't data or system files. But they were files that did a specific thing and I miss them.
I have a Seagate expansion drive (model #9SD2A2-500).
The files I lost were the ones that came with the drive. It still works fine. Windows sees it and files move to and from it with no problem. But it used to be that when I opened up My Computer I would see a little picture of the Seagate drive instead of the generic hard drive picture I see now.
It's not really that big of a deal but I want that little picture back. I was wondering if anyone reading this might have one of these drives and be able to send me copies of those files? Thanks for reading this, in any case.
Source: https://computer-help.livejournal.com/1025129.html
-
Gifts
Date: 04/29/11
(Computer Help) Keywords: security, web
Have a good Friday and a wonderful weekend!
Source: https://computer-help.livejournal.com/1023390.html
-
Networking advances of the aughts?
Date: 01/04/11
(IT Professionals) Keywords: security, web
What's new in networking over the past ten years? My reason for asking is that I'm re-taking a Cisco networking course to keep my skills up to date, but I have no expectation that the teacher and course material are up to date. I'll start with a few things that were not in the Cisco material when I last took the course.
- Netflow packet dumping.
- VPNs are far more popular than they used to be. Hardly anyone had them before; now it's expected that anyone knows how to set them up.
- Routers have gained enough features that traditional routers are called Layer 3 Switches, which raises the question of what new features are expected to be in a proper "router".
- Gigabit Ethernet and the move from Cat5 to Cat5e and Cat6 were a significant change. There is also Cat6A for 10,000baseT.
- BGP is the routing protocol used on the Internet. This is not new, but it was not covered in the Cisco material.
- Lots of places are punching big holes in their security with wireless routers and exploitable wireless devices (like printers) in the trusted section of the network. MAC whitelists and encryption are musts for access points, but some of the standard encryption methods such as WPA and WEP have been compromised.
What else is new? Also, what are some good news websites for reading about networking advances?
Source: https://itprofessionals.livejournal.com/92384.html
-
Bad clusters on a scsi raid 5 drive.
Date: 04/13/10
(IT Professionals) Keywords: asp, sql, security, microsoft
I should know this.
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 57 unused index entries from index $SII of file 0x9.
Cleaning up 57 unused index entries from index $SDH of file 0x9.
Cleaning up 57 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 87 of name \mssql\MSSQL$~1\Data\DISTRI~1.MDF.
Windows replaced bad clusters in file 7220 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\201004~1\TB5CD1~1.BCP.
Windows replaced bad clusters in file 26077 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\201004~1\TBLPDF~1.BCP.
Windows replaced bad clusters in file 32542 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\201003~1\TB5CD1~1.BCP.
Windows replaced bad clusters in file 34123 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200802~1\TB50D9~1.BCP.
Windows replaced bad clusters in file 59114 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200904~1\TB4CD1~1.BCP.
Windows replaced bad clusters in file 66747 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200904~1\TBLPDF~1.BCP.
Windows replaced bad clusters in file 306249 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200608~1\TB50D9~1.BCP.
Windows replaced bad clusters in file 313926 of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200608~2\TB50D9~1.BCP.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
The size specified for the log file is too small.

213371743 KB total disk space.
137811912 KB in 82347 files.
42892 KB in 6088 indexes.
0 KB in bad sectors.
962587 KB in use by the system.
23040 KB occupied by the log file.
74554352 KB available on disk.

4096 bytes in each allocation unit.
53342935 total allocation units on disk.
18638588 allocation units available on disk.
Windows has finished checking your disk. Please wait while your computer restarts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~
This is on my domain controller, this is an HP RAID 5 array consisting of 4 72 GB SCSI disks. How can you get bad clusters on a raided drive? How can I know which physical drive is failing?
Did I actually lose any data/get any data corruption?
I have backups of course, the problem if it's hardware failure, and I am going to do migration to Windows 2008 R2 from Windows 2003, it will still take some time to initiate things, buying a single replacement SCSI might be viable but if I can't identify the drive and have to get 4 SCSI drives and rebuild the array 1 disk at a time, it would be problematic not to mention prone to disaster.
Source: https://itprofessionals.livejournal.com/90386.html
-
A Whatsapp clone for business collaboration and improved communication
Date: 06/08/17
(Software) Keywords: software, security
EngageDots would be the search solution for Whatsapp-like instant messaging app to cope with all your business requirements. As it comes with compelling features, EngageDots helps collaborate effectively among your business circle. EngageDots is a perfect clone of Whatsapp that comes with advanced characteristics. With this office chat software, communication would not be a problem for enterprises irrespective of its size and location.
Appealing features
EngageDots comes with the features that make business chatting more interesting and sharing official files, images, videos, audios, information, etc easier. Your official communication will be more lively with the following seamless features of EngageDots.
- Advocates both person-to-person and group chat. This communication channel allows chatting individually as well as creating groups instantly.
- Allows having more real-time collaboration by having access for audio and video calls that help get connected and engaged all the time.
- Share any information or files that may be in video, audio, or doc format with your colleagues, customers, or higher officials instantaneously, which saves time and helps communicate easily and effectively.
- Gives access to share screen with other users at a remote location which allows the other users to monitor the performance level of the activities.
Privileged app services
Tools and features of the third party can be integrated into our app like Whatsapp for the remote access of any features that help collaborate and coordinate efficiently in a smart way. To capture the attention of your team members, EngageDots offers supportive extensions that initiate directed conversations with @mentions and hashtags and to get opinions posted through polls and podcasts. Our secure guest access feature allows adding third parties in any chat rooms via invites and accessing their logins or conversations.
Besides, we offer high-end security measures and end-to-end encryption that never disclose confidential data and conversations.
Admin interface
Admin is the one who can choose participants for using the app and can manage chats, conversations, group activities, personalized message signature, pass codes, etc. and who has the access to control the entire activity of the app. Admin can pick requisite features, and modify and personalize to make them suitable for their business requirements. To have an organized chat and official sharing processes, EngageDots is designed to provide instant reports and updates to help admin stay on track with the status and progress of the projects or assigned tasks. Also, this business chat app assists the admin to track users’ location and get updated on their activities.
More features for propelling performance
There are a lot more that makes EngageDots an outstanding business chat app. EngageDots lets you to:
have backup of all your shared confidential files and details;
organize activities such as meetings, scheduled events, deadlines, etc. via prompt alerts, notifications, and reminders;
add multiple languages and support your customers from different locales;
assess any conversation from any device as EngageDots is designed with app compatibility; and
set up the chat solution easily and manage with our necessary technical support.
If looking for a team chat app that resembles Whatsapp, EngageDots would be the best business chat solution. Contact us for better pricing!
Source: https://software.livejournal.com/92147.html
-
Samba Config Problem - why does one work and the other not?
Date: 10/01/08
(Software) Keywords: security
I have two different samba shares configured.
Can someone PLEASE tell me why one works exactly as expected (e.g. limits access to the requisite group and gives them complete access) while the other one allows EVERYONE view privileges and no one has write/modify privs?
I am sure I missed something stupid.... but I am too tired to figure it out if I did.
1.
    [SHAREGROUP1]
    writeable = yes
    write list = @sharegroup
    force security mode = 111
    create mask = 770
    directory mask = 770
    comment = Storage space for sharegroup files
    user = @sharegroup
    path = /data/common/ShareGroup
2.
    [SHAREGROUP2]
    writeable = yes
    write list = @sharegroup
    force security mode = 111
    create mask = 770
    directory mask = 770
    comment = sharegroup's Drive
    user = @sharegroup
    path = /mnt/sharegroup
Source: https://software.livejournal.com/82552.html
-
IE7 cert mismatch errors
Date: 03/03/08
(Apache) Keywords: security
Some of our IE7 users receive security certificate mismatch warnings with every secure page view on subdomain.domain.net. The cert was originally issued to www.domain.net.
Is it possible to add aliases to existing certificates (my hunch is no, but I'm not well versed on them)?
Source: https://apache.livejournal.com/40574.html
-
Separate instances of Apache under one box
Date: 06/11/07
(Apache) Keywords: security, hosting, apache
Can Apache run under different instances, so that we can direct traffic to each Virtual Host under a different instance? Would doing so offer better security than simply using virtual hosting? One of our sites is internal, the others are public. We want to keep the internal site locked down extremely tight.
In that same light, is it possible to have different SSL certs for different Virtual Hosts running on the same physical box (under one IP)?
Thanks for suggestions/pointers.
Source: https://apache.livejournal.com/37060.html
-
Opera 9.63 now available!
Date: 12/16/08
(Opera Browser) Keywords: software, browser, security, linux
Opera Software released Opera 9.63 today, which addresses several security issues. This release is a recommended security update for all those running the previous stable releases. Download it now at http://www.opera.com/browser/.
Check out the changelogs for Windows, Mac and Linux/UNIX (http://www.opera.com/docs/changelogs/).
Source: https://opera-browser.livejournal.com/75441.html
-
Production SQL DBA Opening in North Texas
Date: 06/02/11
(SQL Server) Keywords: database, asp, sql, security, microsoft
Passing this along for a friend... If you know anyone looking, please let me know. Pay terms seem to be a little higher than normal for that many years of experience.
Responsibilities:
- Installation, configuration, customization, maintenance and performance tuning of SQL Server 2005 & 2008 including SSIS, SSAS and SSRS.
- SQL version migration, patching and security management.
- Monitor database server capacity/performance and make infrastructure and architecture recommendations to management for necessary changes/updates.
- Perform database optimization, administration and maintenance (partitioning tables, partitioning indexes, indexing, normalization, synchronization, job monitoring, etc).
- Manage all aspects of database operations including implementation of database monitoring tools, event monitoring, diagnostic analysis, performance optimization routines and top-tier support for resolving support issues.
- Work with internal IT operations teams to troubleshoot network and server issues and optimize the database environment.
- Establish and enforce database change management standards including pushes from development to QA, on to production, etc;
- Proactively stay current with latest technologies and industry best practices associated to the position and responsibilities.
- Provide development and production support to troubleshoot day-to-day database or related application issues.
- Develop, implement and verify processes for system monitoring, storage management, backup and recovery.
- Develop, implement and verify database backup and disaster recovery strategies.
- Design and implement all database security to ensure integrity and consistency among the various database regions
- Develop and maintain documentation of the production environment.
- Manage SLAs and strict adherence to production controls - Sarbanes-Oxley (SOX) monitored via external audits
Necessary Qualifications:
- Must have experience on SQL Server 2005.
- Good exposure on Installation, Configuration of database Clusters, Replication, Log shipping and Mirroring
- Expertise in Troubleshooting and performance monitoring SQL Server Database server (Query Tuning, Server Tuning, Disk Performance Monitoring, Memory Pressure, CPU bottleneck etc.)
- Expertise in T-SQL and writing efficient and highly performing SQL Statements.
- Expertise in SQL Server Internals, wait events, profiler, windows events etc
- Must have understanding of key infrastructure technologies such as Clustering, SAN Storage, Virtualization, Cloud services etc.
Other nice to have experience:
- System administration fundamentals including Installation, Configuration & Security setups.
- Experience with SQL 2008 a plus.
- Experienced in architecting high availability, business resumption and disaster recovery solutions
- Microsoft SQL Server DBA Certification
- Experience with SCOM/SCCM/SCSM is a plus
- Extremely self motivated and ability to work within a globally dispersed team.
Desired Skills:
- Data Warehouse experience
- VLDB experience highly desired
- Experience with databases > 5 TB, processing 2 million + rows of data daily
- MS SQL Server 2005 Transact-SQL (T-SQL)
- Stored Procedure Development Communication Skills, work well with the team, and within team processes
- Database and file size and space forecasting ability
- Ability to manage a complex database system and assist the client with Database Integration for Future Business Intelligence efforts
- Confio Ignite Performance
Education & Work Experience:
- Bachelor's degree in Computer Science, Business Administration or other
- 10+ years experience as a Database Administrator
Source: https://sqlserver.livejournal.com/75423.html
|