Things You Shouldn’t Do In SQL Server

Doug Seven has compiled a list of 26 bad practises to avoid when using SQL Server:

http://dotnetjunkies.com/WebLog/dougseven/archive/2004/02/16/7329.aspx

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • mysh

    server returns errors … probably the best practice is to avoid ms sql ;))

    ——————————————————-

    Server Error in ‘/WebLog’ Application.

    Runtime Error

    Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

    Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a “web.config” configuration file located in the root directory of the current web application. This tag should then have its “mode” attribute set to “Off”.

  • EP

    Good Stuff

  • M. Johansson

    It’s bad to store passwords in the the Web.Config file? I always thought that was a might good place to store your passwords and connections strings?

  • http://www.miseldine.com miseldine

    Unencrypted :) Encrypt your connection string, encode it (Base 64 say), and put that output into your web.config file. Then when you need to use it, decode it, and decrypt it.

    As web.config files aren’t visible pubically on the web, I do wonder if its worth the effort. But then, no such thing as too secure with connection strings…