Principles for Building Secure Database Applications in Action

What I am talking about in this post might be well known to many people (too simple, sometimes naive?), but often the most basic things make a difference. OK, let's get down to business. Rules of thumb for DB security might be: Define your security boundary (or attack surface). All input is evil! Evaluate it against a whitelist. Don’t store blank passwords, even hard-coded in…

Adding column to existing table and populate with default value

From time to time, we run into scenarios where new columns must be added to an existing table with millions of records to meet emerging business needs. These new columns often need to be initialized with a default value. In this post, I’d like to illustrate my solution for such problems. Let us assume: Database: TestDB; Existing table: TestTable…

Calling SQL Server Stored Procedures with ADO.NET in 5 minutes

A stored procedure is an already written SQL statement that is saved in the database. It can take parameters and return the objects you specify, just as in any other programming language you are familiar with. Why stored procedures instead of random SQL? For me: 1. Modular programming: stored procedures allow developers to encapsulate…