SQL

Microsoft Azure strives to beat the competition

by Willen L
In this article the author talks about Microsoft Azure Database, Microsoft’s cloud database, and how it is transforming to be more like SQL Server by having features that you will find only in SQL Server. He states that Microsoft is trying to gain in the race against Amazon and Google, and one way to attempt this is by making SQL Azure function more like an onsite SQL Server. The changes will allow developers to work with Azure without learning the extras that make it different from SQL Server. Also, Microsoft has many other changes they would like to implement; there is Azure Datasynch, which will let SQL Azure be synchronized with tables in SQL Server. This allows whole databases to be synchronized. There is also Azure’s caching service; this allows Microsoft to cache frequently used data and business logic for faster operations. One last thing Azure wants to change is to enable users to control virtual machines that are sent to the cloud, letting end users set policies to control the operation of the VM in Azure.

Two-tier vs. Three-tier Systems

by Jasmine C
The article I read discussed the client/server system and how there is a choice between a two-tier and a three-tier architecture. Some of the ways to choose between the two are to take into consideration the scope and difficulty of a particular project, the number of users the system will be used by, the transaction needs of the system, etc. Both architectures have the components of presentation, processing, and data. However, each one separates these three components differently. The article then goes on to discuss the differences between the two. In the two-tier architecture, the three components are “divided into two software entities: client application code and data base server” (Gallaugher). According to Gallaugher, the client deals with the presentation aspect, both the client and the server handle processing, and the server stores and accesses the data. In this architecture there are also high application development speeds, and it works well with homogeneous environments. The downfall of this architecture is that if you change an aspect of your business, then it’s mandatory that you change your client logic. Also, system security is lacking because of the need for different passwords. A three-tier architecture attempts to overcome some of the boundaries placed by a two-tier system. In this architecture, presentation, processing, and data are separated into different tiers. It also utilizes the remote procedure call, RPC, a tool that calls from the client to the server. This tool “provides greater overall system flexibility than the SQL calls made by clients in two tier architecture” (Gallaugher). Another advantage is that because the three components have their own tier, they can be developed in parallel and resources can be allocated more freely. Even though a three-tier architecture requires more planning than a two-tier one, the advantages provided are well worth it.

SQL Server Encryption

by Han C
With cyber crime on the rise, database administrators must do everything they can to prevent data from being compromised. This article introduces a new product called ActiveCrypt DBDefence, which is designed to lock down database log files inside 32- and 64-bit systems on SQL Server 2000, 2005, and 2008. The enterprise edition of DBDefence can be a very useful tool for organizations looking to encrypt data in SQL Server 2008. What this software does is implement transparent 128-bit AES encryption for any selected SQL Server database. Transparent means that a database administrator does not need to modify SQL requests to handle encrypted fields or modify any other existing queries. It can even encrypt databases for applications when the customer does not have access to the source code. One example the article provides is when a customer wants to encrypt a CRM application database: DBDefence can still encrypt the database without the customer being given access to the actual source code. DBDefence also aids network administrators because it runs as server-side software and does not need to be installed on individual client computers.

SQL Flaw Enables Attack

by Kevin Q
In the article that I read, James Cohen goes over a massive web attack dubbed “LizaMoon.” The attack was made possible due to a SQL flaw in which malicious code was injected into the SQL databases that ran many websites. This would then direct users’ browsers to a new site where a fake antivirus with malicious intent was installed on their machine with no consent. People would then be told they had a virus and prompted to input their credit card information in order to “fix” the problem. Many websites were hit by this attack, but it first happened on lizamoon.com, hence the attack was named “LizaMoon.” Numerous sites were affected by this attack, and many people were tricked into surrendering their credit card info. It then goes on to how fake antivirus programs have been a problem for users in recent years.

Joomla incorporates MySQL

by Ermie C
This article is about how the new edition of Joomla has now made it possible to use Microsoft SQL Server, PostgreSQL, and MySQL. This multi-database support has become a great plus for business owners that use Joomla for their websites. There won’t be as much hassle from being limited to just one database structure. This is because the creators made previous Joomla versions incorporate only MySQL. However, with the new integration of multi-database functions, the use of PHP could allow Joomla to connect with the new database tools. There are a couple of new things they added also: the ability to incorporate a search engine function and something called stemming, where it assumes the word that is being searched. Then there is also auto completion. In a nutshell, they have made the interface for Joomla a lot more user friendly, and this is what will attract new customers and keep the long-lasting consumers of 1.6 million websites.

Joins in SQL

by Polun L
The article, “Writing SQL Statements That Use Joins to Combine Data from Multiple Tables”, is briefly related to this week’s class materials, which are about combining data from multiple tables by using joins. A WHERE clause is used to bring data from more than one table into a single query. If it does not include a WHERE clause, the return would be huge and meaningless because the SELECT statement matches every record with each customer for the return. The second join has two clause types, inner join and outer join. An inner join creates a record set when records from both tables match, while an outer join creates a record set from a specified table and a related lookup table that matches records in the master table. Also, users can apply an outer join with either a left join clause or a right join clause. These two different joins represent the order in which users specify a master table or a lookup table.

SQL Server R2 2009 Update: Code Name Kilimanjaro

by Evin C
This week I have chosen another peer-reviewed article discussing new business intelligence (BI) functionality and management features that will be or have been implemented into SQL already. Referred to as a “mini-release” with the code name Kilimanjaro, this release has the potential to really innovate the way businesses approach SQL and its DBMS capabilities. Some of the features of this update include three exciting new features: self-service analysis, self-service reporting and Master Data Services. SQL Server Analysis Services (SSAS) allows the user from their desktop to “access, manipulate and report against managed and unmanaged data sets, including large data sets.” This allows for more freedom for information workers (IWs) and also improves the efficiency of the IT departments in any organization. “For IT, Gemini helps keep core data secure, while freeing IT from having to spend a lot of time addressing ad hoc user requests. IT pros have the tools to manage shared Gemini solutions— including data refresh, model security, and resource utilization—and can enhance the model as more and more workers use it.”

NoSQL and Document-Oriented Databases

by Toan T
Any database that does not support the SQL language is known as a NoSQL database. NoSQL was inspired by and created based off Lotus Notes, a program that was co-created by Lotus founder Mitch Kapor and Microsoft chief architect Ray Ozzie as a personal productivity tool. Lotus Notes was never thought to be a database application; it was more thought of as an alternative to Microsoft Outlook. However, Lotus Notes included a back-end database that was optimized for sorting and working with complex documents. The program ended up inspiring the approach taken by two of today’s best-known NoSQL systems: CouchDB and MongoDB. What makes NoSQL so different is that the database systems store information not as normalized relational tables, but as documents in a rich self-describing structure. It uses a variant of JavaScript Object Notation, which is similar to XML, to store the documents. This approach offers more compact storage and lower processing overhead. Document databases primarily appeal to developers for the very reason that relational databases don’t. The RDBMS entity-relational data model is usually inherently different from the object-oriented model of modern programming languages. It impacted programmer productivity by the need to translate objects back and forth from the database to the program. In a document database, the document can map almost directly to the programming language’s class structure. This makes programming easier, but does raise issues of data integrity, since some data are almost inevitably duplicated. Document databases also promise a more flexible approach to schema changes. In an RDBMS, any change to the data model is costly: programs need to be modified, then deployed in conjunction with the schema change. In a document database, an application document can be modified whenever it wants. That is a good thing and is also a bad thing, since it can be a risk to have inconsistent or obsolete document structures as a result of application version changes in document databases. The document model also has some scalability features. Since all the data needed for most operations is held in a single document, there is no need for joins and multi-object transactions. Avoiding joins and transactions eases clustering issues.

Hacking Into Apple’s Server

by Abubaker D
My article is talking about a group of hackers that managed to hack into one of Apple’s servers. The anonymous group was able to infiltrate the server that Apple used to process technical support follow-up surveys. With the attack, they were only able to retrieve 27 user names and passwords, and from what Apple is saying, there was no customer data compromised. The group used a MySQL database to perform the hack, which is possibly a SQL injection. And Apple suspects that it could be the result of a similar style of hack often used by former hacker group Lulzsec. Lulzsec used SQL injections to hack into and get information from Sony Pictures and PBS. But the group was supposedly disbanded. Apple is curious if the same members of Lulzsec were the ones that performed the attack. Here’s what a Lulzsec representative posted on his Twitter account: “After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck”. Apple has not commented on what the Twitter post had to say or the alleged Lulzsec attack.

SQL Injection, a problem that is avoidable

by Willen L
In this article the author talks about SQL injection and how it’s been around for more than a decade, and many companies do not know how to deal with it or are not even implementing solutions to fix this widespread problem. SQL injection is a code injection technique that exploits a vulnerability in a website’s software where arbitrary data is inserted in code that is executed by a database, thus compromising the database. Hackers can use this information for identity fraud, which costs the US 4.7 billion every year. Knowing this, Microsoft has been giving tips for programmers on how to protect against SQL injection since 2005, but it hasn’t made much of a difference. The author states that this problem is going to rise with how fast technology moves and from the amount of people in the world in the future. It’s up to the individual companies’ IT managers to step in and assess their systems to determine if they are vulnerable and to make security improvements to prevent attacks. The author states that if companies take the necessary precautions, they can prevent 87% of attacks. The scary thing is that generally it takes about 6-8 months for the company to realize that their database has been breached…