papadi Development Blog

.NET and Software Development by Dimitris Papadimitriou 
Filed under

SQL Server

 

SQL Injection Cheat Sheet

Do you think you know everything you need to know regarding SQL Injection? Think again and take a look at this great article:

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku

The author describes all (?) possible SQL injection cases for SQL Server, Oracle, MySQL and PostgreSQL.


Clean up IIS and SQL Server and make your websites portable

Do the following mean anything to you?

  • Is your IIS full of test web projects that you once created and that you keep... just in case?
  • Do you have old projects that you want to look at once in a while, but you don't have the time to create virtual directories for them?
  • Do you have dozens of databases on your SQL Server for all those projects?
  • Do you find the procedure of copying files, IIS settings and the SQL Server database to create a copy of a web site tedious?
  • Would you like your web sites to be easily portable by simply copying their content files, without IIS and SQL Server configuration?

If these sound familiar... here is your solution!

How to start a web site without IIS

You can use the ASP.NET virtual web server to start a web site without using IIS. It's the same tool that opens when you create a web site under the file system from Visual Studio. The usage is simple:

"%windir%\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE" /port:1001 /path:"%CD%" /vpath:"/myWebSite"

To make it simpler, just copy the StartVirtual.bat found inside the attached sample project into your web site's root folder. This batch file contains comments (REM) for each parameter.

How to access a database without permanently attaching it to SQL Server

One great feature of SQL Server 2005 Express is the ability to dynamically attach a database to the server through the connection string. This way your database is attached when your application starts and is not permanently attached to SQL Server under a fixed file path, something that would make it difficult to move or copy. In the attached sample you can see one database configured to work this way. The database is placed under the App_Data folder of this web site and its location is set in the connection string (see web.config):

connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|\Database.mdf; Integrated Security=True; User Instance=True" providerName="System.Data.SqlClient"

If you haven't done so already, download SQL Server 2005 Express from here. Keep in mind that SQL Server 2000 databases are compatible, so you don't have to worry if you have old web sites using SQL Server 2000 databases.

Sample

The attached sample assumes that .NET Framework 2 and SQL Server 2005 Express are installed on your machine.
Download the attached file, unzip it and double-click StartVirtual.bat. An icon will show up in your Windows tray area (lower right corner). Right-click that icon and select 'Open in Web Browser'... and here it is! The web site runs without IIS, without Visual Studio and without previously attaching the database to SQL Server.
Try making copies of this web site and starting different instances. Be sure to first edit the StartVirtual.bat and change the port number for each instance, if you want them to work simultaneously.
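
A launcher along the lines described above, as an added example (it is not the StartVirtual.bat from the attached sample): it serves the folder the script sits in and picks the first free port at or above 1001, so copies of a site can run side by side without editing. The port-scan loop, the starting port and the reliance on the English LISTENING state in netstat output are assumptions of this example.

```bat
@echo off
REM Added example: not the StartVirtual.bat from the attached sample.
setlocal

REM Web server that ships with .NET Framework 2.0 (path as given in the post).
set "WEBDEV=%windir%\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE"
REM /port: first port to try. /vpath: virtual path the site is served under.
set "PORT=1001"
set "VPATH=/myWebSite"

if not exist "%WEBDEV%" (
    echo WebDev.WebServer.EXE not found. Is .NET Framework 2.0 installed?
    exit /b 1
)

REM /path: the folder this script lives in, so a copied site serves its own files.
REM The script-directory expansion ends with a backslash; strip it, because a
REM backslash right before the closing quote would be read as an escaped quote
REM and corrupt the argument.
set "SITE=%~dp0"
set "SITE=%SITE:~0,-1%"

REM Skip ports that already have a listener, for example another copy of the site.
REM Assumes netstat prints the English state name LISTENING.
:findport
netstat -an | findstr /r /c:":%PORT% .*LISTENING" >nul
if not errorlevel 1 (
    set /a PORT+=1
    goto findport
)

start "" "%WEBDEV%" /port:%PORT% /path:"%SITE%" /vpath:"%VPATH%"
echo Site started at http://localhost:%PORT%%VPATH%
endlocal
```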

Click here to download:
PortableWebTest._zip (172 KB)
