
Writing Secure Code – Links – September 26, 2008

Posted by RSSFeed | Posted in Uncategorized | Posted on 30-09-2008


Apologies for this being late. Because of OOW I got a bit behind.

Passwords — This blog post from the "Blown to Bits" blog talks about problems with passwords. On a personal level – you should have a random password. No words. Just a mix of characters. From a developer perspective – do not write your own login code. Almost all frameworks now have their own login subsystem – leverage that. It will allow you to focus on code that is actually core to your business application. Or as I would think – I would not want my friend Quan writing my UI, but he knows how to write awesome security code. I know my friend Josh knows how to make awesome-looking UI – he shouldn't be writing my security code. And from an enterprise level – make sure you are adopting comprehensive access products such as Oracle Access Manager suite.

"Using Yahoo! Login Mechanisms for Desktop Applications" — If you want to use Yahoo! for user password management this might be useful to you.

Criminal probe of ex-Lottery employee Launched — Basically another data leak problem. Remember – when writing apps, make sure you allow for proper auditing. Also make sure to put in hooks that allow access controls to be written using a standard like XACML (such as provided by Oracle Entitlement Server). And if you are storing data in a database, make sure the application can work with strong security measures like Oracle Database Vault and Transparent Data Encryption. And – if you are managing/installing a database – make sure you enable these features if your applications can support them.

Schneier On Security — Bruce Schneier, who is the expert on security, has released a new book. I believe it's a collection of his columns, so if you are a regular reader there is probably nothing new. However, if you are new to this field – you should get a copy, as well as his previous book Beyond Fear. Or if you are up to speed on these books – then be sure to read The Unthinkable: Who Survives When Disaster Strikes – and Why.
