Archive for November, 2008

links for 2008-11-17

SQL Injections, the two most common types

Opening a site Google has listed as spreading malicious software via the browser.

What is an SQL injection? How can it affect my site? How does it happen, and how can I avoid it?

Since Firefox (2 and 3) and MSIE 7 started using Google's (and others') system for blocking sites that serve harmful web pages, the problem of SQL injections has been put in the spotlight.

What happens is that an attacker compromises a site by placing their own SQL code into the victim system's database. Instead of simply performing a DoS (denial of service) attack that brings the whole site down, for instance by deleting all the tables or doing something else destructive, the attacker plants client-side browser code in the database, so that every visitor runs client-side code that infects their computer with a virus. This virus may do anything from listening in on traffic between the client (web browser) and banking applications to connecting the client system to a botnet.

Needless to say, the SQL injection attack has become a problem not so much for the owner of the originally compromised site as for its visitors. (Although users of the web should not underestimate the value of good virus protection, a system update policy and a secure browsing policy.)

Since the owner of the vulnerable software won't notice any deviation from business as usual (and neither will most infected clients), nobody is the wiser.

This is why Google (and others) have started evaluating (and flagging) sites with malicious content, and why Firefox and MSIE (and probably others) have started blocking them.
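
The mechanism described above, as an added example that is not part of the original post: a comment-saving function that builds its SQL by string formatting, beside the parameterised form that fixes it, plus a small defender's check that scans stored text for planted script tags. It runs against an in-memory SQLite table; the table and column names, the sample comments and the script URL are all constructed for the example.

```python
import re
import sqlite3

# Constructed in-memory stand-in for a site's database. Table and column
# names are assumptions for the example, not taken from the post.
SCHEMA = "CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def save_comment_vulnerable(conn, author, body):
    """String-built SQL: text typed by a visitor becomes part of the statement,
    so a quote character in the input changes the statement's structure."""
    sql = "INSERT INTO comments (author, body) VALUES ('%s', '%s')" % (author, body)
    conn.execute(sql)
    conn.commit()


def save_comment_hardened(conn, author, body):
    """Parameterised SQL: the statement is fixed and the values travel
    separately, so quotes and SQL keywords in the input are stored as text."""
    conn.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    conn.commit()


# Minimal pattern for active markup that has no business in a text field.
# Constructed for this check; it is a triage aid, not a complete XSS filter.
INJECTED_MARKUP = re.compile(r"<\s*(script|iframe|object|embed)\b", re.IGNORECASE)


def find_injected_markup(conn):
    """Defender's check: ids of stored comments that carry planted browser code."""
    rows = conn.execute("SELECT id, body FROM comments").fetchall()
    return [row_id for row_id, body in rows if INJECTED_MARKUP.search(body or "")]


def demo():
    conn = open_db()
    # An ordinary apostrophe is enough to break the string-built statement.
    try:
        save_comment_vulnerable(conn, "O'Brien", "Nice site")
        vulnerable_failed = False
    except sqlite3.OperationalError:
        vulnerable_failed = True
    # The parameterised version stores exactly the same input without trouble.
    save_comment_hardened(conn, "O'Brien", "Nice site")
    # Constructed sample of planted client-side code, stored through the safe
    # path only so the detection pass has something to flag.
    save_comment_hardened(conn, "visitor", '<script src="http://example.invalid/x.js"></script>')
    stored_author = conn.execute("SELECT author FROM comments WHERE id = 1").fetchone()[0]
    return vulnerable_failed, stored_author, find_injected_markup(conn)


if __name__ == "__main__":
    print(demo())
```

Parameterised queries stop visitor input from rewriting the statement, which is the fix for the injection itself. They do not make stored text safe to display: anything that reaches the page must still be escaped on output, and a periodic scan like `find_injected_markup` over the text columns is how an owner notices planted code that got in some other way.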

links for 2008-11-13

Search and Replace in MySQL

I've come across a problem in one of my projects at work. It consists of searching and replacing data in a MySQL server. The data to be replaced is an old URL used in lots of text fields all over the place; it is the customer's own site URL, but since they moved, they now want all URLs to point to their new location.

Searching the web and checking the MySQL function reference turns up the following useful function:

REPLACE(str, from_str, to_str)

It would in my case be used like this:

UPDATE myTable SET theTextField =
REPLACE(theTextField, 'http://the.old.site', 'http://the.new.site');

myTable is the table containing the data I want to replace, and theTextField is the exact field in which this data is located. Obviously "http://the.old.site" is the existing information that I want to replace, and "http://the.new.site" is the information this string should be replaced with.

Very simple, very elegant. Now all I have to do is try it out as well. (Expect more reports on the progress of this work!)
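
As an added example (not from the original post), here is the same UPDATE ... REPLACE run with the two things worth having around it before touching production data: a preview count of the rows that contain the old URL, and a transaction with the number of rows actually changed. SQLite is used as an offline stand-in for MySQL, since its replace() has the same three-argument form; the table name, column name and sample rows follow the post, the row contents are constructed.

```python
import sqlite3

# Constructed sample rows standing in for the customer's text fields.
SAMPLE_ROWS = [
    "See http://the.old.site/about for details.",
    "Mirror: http://the.old.site/files and http://the.old.site/docs",
    "Unrelated text with no link.",
    "Already migrated: http://the.new.site/start",
]
OLD_URL = "http://the.old.site"
NEW_URL = "http://the.new.site"


def load_sample(conn):
    conn.execute("CREATE TABLE myTable (id INTEGER PRIMARY KEY, theTextField TEXT)")
    conn.executemany(
        "INSERT INTO myTable (theTextField) VALUES (?)", [(r,) for r in SAMPLE_ROWS]
    )
    conn.commit()


def count_rows_containing(conn, needle):
    """Preview: how many rows hold the string, checked before and after the update."""
    return conn.execute(
        "SELECT COUNT(*) FROM myTable WHERE instr(theTextField, ?) > 0", (needle,)
    ).fetchone()[0]


def replace_url(conn, old, new):
    """The post's UPDATE ... REPLACE(...) with two additions: a WHERE clause so
    only rows that contain the old URL are rewritten, and a transaction so a
    failure part-way leaves the table untouched. Returns the rows changed."""
    with conn:  # commits on success, rolls back on an exception
        cur = conn.execute(
            "UPDATE myTable SET theTextField = replace(theTextField, ?, ?) "
            "WHERE instr(theTextField, ?) > 0",
            (old, new, old),
        )
        return cur.rowcount


def demo():
    conn = sqlite3.connect(":memory:")
    load_sample(conn)
    before = count_rows_containing(conn, OLD_URL)
    changed = replace_url(conn, OLD_URL, NEW_URL)
    after = count_rows_containing(conn, OLD_URL)
    rows = [r[0] for r in conn.execute("SELECT theTextField FROM myTable ORDER BY id")]
    return before, changed, after, rows


if __name__ == "__main__":
    print(demo())
```

One caveat when carrying this over to MySQL: REPLACE() matches the search string case-sensitively, while INSTR() and LIKE use the column's collation, which is case-insensitive by default, so a preview count there can include rows that REPLACE() will leave alone. Comparing the before and after counts, as the demo does, shows whether every occurrence was actually rewritten.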

How to change a lost MS SQL Server password

I recently lost the password to the MS SQL Server installed on my local machine. A search for possible solutions returned the usual business B$ about paying for software to do the job. However, browsing a little deeper and asking a colleague gave me the following handy solution:

  1. Log in to the machine where the SQL Server is installed via Remote Desktop (not needed in my case, since it was my local machine).
  2. Start the SQL Server client (Microsoft SQL Server Management Studio) and log in to the local machine using Windows Authentication.
  3. You’re in.
  4. (Optionally) With your admin account you can now change the password to something you’ll remember this time! ;o)

1) You find Remote Desktop on the Start Menu under "All Programs > Accessories > Remote Desktop Connection". Most Windows servers will have Remote Desktop installed from the start. If, however, you are refused a connection because too many people are logged in, see my previous post about how to solve that problem.

Logging in to the local database using Windows authentication in SQL Server Management Studio.

2) To log in to the local database, first open SQL Server Management Studio (All Programs > Microsoft SQL Server 2005 > SQL Server Management Studio), select the name of the local computer in the "Server name" field and select "Windows Authentication" in the "Authentication" field. Your user name (the one you used to log in via Remote Desktop) will be displayed in the "User name" field, and this field and the "Password" field will both be disabled. Click Connect and you should be logged in as an administrator. This works because SQL Server 2005 by default grants the local BUILTIN\Administrators group the sysadmin server role, so any local administrator of the machine is also an administrator of the database server; keep that in mind when deciding who gets local admin rights on a database host.