Showing posts with the label SQL

Mitigation of SQL Injection attack in EF core

Mitigating SQL Injection Attacks with Entity Framework Core

Introduction: SQL injection is a serious security vulnerability that occurs when an attacker manipulates input data to execute unauthorized SQL queries. Entity Framework Core (EF Core) is an Object-Relational Mapping (ORM) framework that provides built-in safeguards against SQL injection attacks. This article explores how EF Core helps prevent SQL injection, discusses common attack vectors, and provides code samples to illustrate the concepts.

Understanding SQL Injection: SQL injection occurs when untrusted user input is directly concatenated into SQL queries. Attackers exploit this vulnerability by injecting malicious SQL code, leading to data breaches, unauthorized access, and more.

How EF Core Helps Prevent SQL Injection:

Parameterized Queries: EF Core automatically generates parameterized queries. Instead of concatenating values directly into SQL statements, it binds input values as parameters. This prevents attacke

How to make table schema changes and restore data after appropriate transformation

Introduction

In many cases we encounter scenarios where we need to back up data or make a schema change, such as a data type transformation. This blog post lists the steps, which can be used as a checklist to perform the operation with ease.

Steps

The SQL query below creates a new table with the same schema as the table named in the like clause:

    create table <table_name>_old like <table_name>;

Now that we have the schema ready, we can copy the data for backup using the command below:

    insert into <table_name>_old select * from <table_name>;

Once the above command succeeds, we can drop the old table:

    drop table <table_name>;

Then we can create the new table with the same name as the one given in <table_name>, so that applications can still use the same table name:

    CREATE TABLE `<table_name>` (
      `id` bigint NOT NULL AUTO_INCREMENT,
      ...);

Now that the table with new schema is ready, we can migrate the data

How to determine total number of open/active connections in Microsoft sql server

This shows the number of connections per each DB:

    SELECT DB_NAME(dbid) as DBName,
           COUNT(dbid) as NumberOfConnections,
           loginame as LoginName
    FROM sys.sysprocesses
    WHERE dbid > 0
    GROUP BY dbid, loginame

And this gives the total:

    SELECT COUNT(dbid) as TotalConnections
    FROM sys.sysprocesses
    WHERE dbid > 0

If you need more detail, run:

    sp_who2 'Active'

Restoring a Database using bak files and SQL Scripts alone

The following script restores a database from a .bak file without using SQL Server Management Studio:

    -- The database name in the restored bak file should be the same as the one given here
    RESTORE DATABASE [authserver]
    FROM DISK = N'C:\Program Files\Microsoft SQL Server\MSSQL11.LOCAL\MSSQL\Backup\database.bak'
    WITH FILE = 1,
        MOVE N'authserver' TO N'C:\Program Files\Microsoft SQL Server\MSSQL11.LOCAL\MSSQL\DATA\database.MDF',
        MOVE N'authserver_LOG' TO N'C:\Program Files\Microsoft SQL Server\MSSQL11.LOCAL\MSSQL\DATA\database.LDF',
        NOUNLOAD, REPLACE, STATS = 10
    GO

Copy databases using SQL Server SMO

The following steps are required to copy a database using the SQL Server objects exposed to the .NET Framework by Microsoft.

1. Add references in the project to the following DLL files:

    Microsoft.SqlServer.ConnectionInfo.dll
    Microsoft.SqlServer.Smo.dll
    Microsoft.SqlServer.SmoExtended.dll
    Microsoft.SqlServer.Management.Sdk.Sfc.dll

These DLLs are found in the following folder:

    C:\Program Files\Microsoft SQL Server\100\SDK\Assemblies

2. Define a source DB and then the target DB, the source db will be scanned and then its contents [structure & data]

    string sourceDB = "cs_notification_test";
    string targetDB = "cs_notification_test1";
    SqlConnectionStringBuilder connStringBuilder = new SqlConnectionStringBuilder(System.Configuration.ConfigurationManager.ConnectionStrings["ApplicationConnectionString"].ConnectionString);
    ServerConnection conn = new ServerConnection(connStringBuilder.DataSource, connStringBuilder.UserID, connStr

Enabling The SQL Server To Be Accessed Across Machines Or From Remote Machine

The following steps are to be followed so that the SQL Server can be accessed across machines or from a remote machine via SQL Server Management Studio [SSMS].

Enable the following: 1) TCP/IP, 2) Shared Memory, 3) Named Pipes from All Programs > SQL 2012 > Configuration Tools > SQL Server Configuration Manager > expand SQL Server Network Configuration > Protocols for sql2012r2de

Now, in the “Run” command, put Services.msc, then choose the SQL Server and enable the SQL Server Browser service.

Now try connecting from any remote machine.

Trackback: http://stackoverflow.com/questions/5956926/unable-to-connect-to-a-sql-server-database-remotely

SQL Update From One Table To Another Based On A Id Match

I have an employees table and an EmployeeTerritories table. The employeeid in both these tables is of integer datatype. I have to create a new unique identifier column in both these tables and then update them accordingly.

1. I created a newsequentialid column in the employees table that will create new ids for the employees
2. Next, I added a new column to the employee territories table and set it as a foreign key to the employees table
3. Now, I am in need of a query that will fetch the new guid from the employee table and fill in the employee territories table
4. I need to have a single update statement that does the trick by making use of the existing numerical id values

    UPDATE EmployeeTerritories
    SET empid = Id
    FROM EmployeeTerritories
    INNER JOIN Employees ON Employees.EmployeeID = EmployeeTerritories.EmployeeID

This update statement will update the empid in the territories table based on the id matching. This saves a lot of time in comparison to the manual match