Answer / jerry joseph

1. identify and create optimal indexes for your tables

every table should have at least a clustered index

Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses

Static tables can be more heavily indexed that dynamic tables

2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.

Example:
StrSQL = "SELECT * from Users WHERE username = '" +
txtUserName.Text + "' AND password = '" + txtPassword.Text +
"'";
if txtUserName is entered as "admin' OR 1 = 1;--" the query
becomes
"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--'
AND password = '" + txtPassword.Text + "'"
user logs in as admin

Prevention :
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.

What is sql service broker?

0 Answers  

---

What are the different type of replication in sql server?

0 Answers  

---

explain different levels of normalization? : Sql server database administration

0 Answers  

---

Explain the new features of SQL server 2000?

1 Answers  

---

what protocol both networks use? : Sql server database administration

0 Answers  

---

What are views used for?

0 Answers  

---

Which virtual table does a trigger use?

8 Answers   TCS,

---

How sql server enhances scalability of the database system?

0 Answers  

---

How to swap the data of two columns in a table. both the columns containing varchar values.

9 Answers  

---

How to use group functions in the select clause in ms sql server?

0 Answers  

---

How to drop existing views from a database in ms sql server?

0 Answers  

---

Write query to return all rows sql?

0 Answers  

---