SQL injection is a very serious threat in the software and web industry according to current statistics, and it is increasingly hitting databases. The technique allows attackers to break into your system through your web interface. However, the same tools can be used by security professionals to find SQL injection vulnerabilities in the system.
Category Archives: MS SQL Server
Send mail from SQL database (Configure Database Mail)
Database Mail is a concept newly introduced in SQL Server 2005, and it replaces the SQLMail feature of earlier SQL Server versions. Database Mail has many enhancements over SQLMail. Database Mail is based on SMTP (Simple Mail Transfer Protocol) and is very fast and reliable, whereas SQLMail is based on MAPI (Messaging Application Programming Interface). Database Mail depends on Service Broker, so this service must be enabled for Database Mail. Database Mail can be encrypted for additional security. SQLMail is less secure, as it cannot encrypt the message, and anybody can use SMTP to send email. Additionally, for MAPI to be enabled for SQLMail, Outlook must be installed. All of this creates a potential security threat to the database server.
In order to send mail using Database Mail in SQL Server, there are 3 basic steps that need to be carried out:
- Create Profile and Account
- Configure Email
- Send Email
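The three steps above in T-SQL, as an added example that is not part of the original post. The account, profile, addresses and SMTP host are placeholders, and the script assumes an SMTP relay that accepts TLS on port 587 and an existing msdb user named ExampleMailUser who is a member of DatabaseMailUserRole.

```sql
-- Added example: every name, address and host below is a placeholder.
USE msdb;
GO

-- Step 1: create the account and the profile, then link them.
EXEC dbo.sysmail_add_account_sp
    @account_name    = N'ExampleAccount',
    @email_address   = N'sqlalerts@example.com',
    @display_name    = N'SQL Server Alerts',
    @mailserver_name = N'smtp.example.com',   -- assumed SMTP relay
    @port            = 587,
    @enable_ssl      = 1;                     -- encrypt the SMTP session

EXEC dbo.sysmail_add_profile_sp
    @profile_name = N'ExampleProfile',
    @description  = N'Profile used for administrative alerts';

EXEC dbo.sysmail_add_profileaccount_sp
    @profile_name    = N'ExampleProfile',
    @account_name    = N'ExampleAccount',
    @sequence_number = 1;

-- Keep the profile private: grant it to one msdb principal instead of
-- public, so that not every database user can send mail through it.
EXEC dbo.sysmail_add_principalprofile_sp
    @profile_name   = N'ExampleProfile',
    @principal_name = N'ExampleMailUser',     -- assumed existing msdb user
    @is_default     = 0;
GO

-- Step 2: enable the Database Mail extended procedures (off by default).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'Database Mail XPs', 1;
RECONFIGURE;
GO

-- Step 3: queue a test message.
EXEC msdb.dbo.sp_send_dbmail
    @profile_name = N'ExampleProfile',
    @recipients   = N'dba@example.com',
    @subject      = N'Database Mail test',
    @body         = N'Test message sent through Database Mail.';

-- Delivery is asynchronous: check the queue status and the event log.
SELECT TOP (10) mailitem_id, recipients, sent_status, sent_date
FROM msdb.dbo.sysmail_allitems ORDER BY mailitem_id DESC;
SELECT TOP (10) log_date, event_type, description
FROM msdb.dbo.sysmail_event_log ORDER BY log_id DESC;
```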
Tables Statistics – MS SQL Server
You can use the following T-SQL script to get more info and statistics about your database tables:
```sql
-- Per-table row count and space usage for user tables in the current database.
-- Page counts are multiplied by 8 because SQL Server pages are 8 KB.
SELECT T.Name AS 'Table Name',
       T.create_date AS 'Creation Date',
       S.Name AS 'Schema Name',
       P.Rows AS 'Rows Count',
       SUM(A.total_pages) * 8 AS 'Total Space KB',
       SUM(A.used_pages) * 8 AS 'Used Space KB',
       (SUM(A.total_pages) - SUM(A.used_pages)) * 8 AS 'Unused Space KB'
FROM sys.tables AS [T]
INNER JOIN sys.indexes AS [I]
    ON T.OBJECT_ID = I.object_id
INNER JOIN sys.partitions AS [P]
    ON I.object_id = P.OBJECT_ID AND I.index_id = P.index_id
INNER JOIN sys.allocation_units AS [A]
    ON P.partition_id = A.container_id
LEFT OUTER JOIN sys.schemas AS [S]
    ON T.schema_id = S.schema_id
WHERE T.NAME NOT LIKE 'dt%'      -- skip tables whose names start with "dt"
  AND T.is_ms_shipped = 0        -- skip tables shipped by Microsoft
  AND I.OBJECT_ID > 255
GROUP BY T.Name, T.create_date, S.Name, P.Rows
ORDER BY 3 DESC                  -- third column: schema name
```
How to Whitelist IPs – MS SQL Server
You will need to whitelist your IP on the server if you want to remotely manage your databases with software such as Microsoft Server Management Studio.
There are two ways to do that: the first is through the command line and the second is through the UI.
SQL Server Date Formats
One of the most frequently asked questions in SQL Server forums is how to format a datetime value or column into a specific date format. Here’s a summary of the different date formats that come standard in SQL Server as part of the CONVERT function. Following the standard date formats are some extended date formats that are often asked for by SQL Server developers.
It is worth noting that the output of these date formats is already of the VARCHAR data type and not of the DATETIME data type. With this in mind, any date comparisons performed after the datetime value has been formatted use the VARCHAR value of the date and time and not its original DATETIME value.