Mathom Solutions Blog-IT

Buck Woody's (blog | twitter) awesome series of blog posts and links to better help you prepare for the 70-432 SQL 2008 Implementation and Maintenance certification.

Jonathan (blog | twitter) provides the best solution involving a certificate signed assembly to call sp_send_dbmail. This solution prevents one from adding users to msdb and the DatabaseMailUserRole.  It removes the risks associated with having TRUSTWORTHY ON setting enabled.

This Microsoft Whitepaper is on Microsoft SQL Server 2008's new Windows collations (denoted by *_100 in the collation name) that were added that make it in full alignment with the Windows Server 2008 operating systems.  (Authors:  Fernando Caro with technical review by immy Wu, Sanjay Mishra, Qingsong Yao, Juergen Thomas, Burzin Patel, Wanda He, and Tres London)

The CSS SQL Server Engineering team (blog | twitter) discusses that when a query is cancelled and it is currently executing in the SQLCLR that an System.Threading.ThreadAbortException exception is raised. It seems harmless enough to add a catch or finally block to your code to cleanup necessary resources. What they found is that it is not as easy as catching the ThreadAbort call. In some scenarios, the ThreadAbort is sometimes upgraded to a rude abort and the catch/finally block is not executed.

In this Microsoft white paper, there is a good discussions about two new features in Microsoft SQL Server 2008: Star Join and Few-Outer-Row optimizations. Microsoft tested the performance of SQL Server 2008 to highlight the effect of these two features and how they got a significant performance gain (about 75% gain and a reduction in the number of rows processed) over SQL Server 2005 without these two features.

As in many places in security, a disconnect exists between how people secure systems and how hackers break systems. So the following is a brief description of what hackers do to crack your password.

Building a continually improving security program is an important and common topic. For many CISOs and other directors of security programs — this has been their day job since they earned their titles. There still exists huge gaps between IT/Operations, Application Development, and Information Security Management organizations and how they work together. There are gaps in communication between departments, and even within departments.

It describes how to evaluate data security investments, map the potential investment to your business needs, then build a business justification case. It starts with a discussion of data security issues, then reviews alternative models (and their flaws), and finishes presents our justification methodology.

This report shows how to build a pragmatic web application security program that constrains costs while still providing effective security. It also focuses of the particular security needs of web applications, and then delves into details of the major security components and how to pull them together into a complete program, with examples built around typical use cases.