Things You Shouldn’t Do In SQL Server


Doug Seven has compiled a list of 26 bad practises to avoid when using SQL Server:

Free JavaScript: Novice to Ninja Sample

Get a free 32-page chapter of JavaScript: Novice to Ninja and receive updates on exclusive offers from SitePoint.

  • mysh

    server returns errors … probably the best practice is to avoid ms sql ;))


    Server Error in ‘/WebLog’ Application.

    Runtime Error

    Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

    Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a “web.config” configuration file located in the root directory of the current web application. This tag should then have its “mode” attribute set to “Off”.

  • EP

    Good Stuff

  • M. Johansson

    It’s bad to store passwords in the the Web.Config file? I always thought that was a might good place to store your passwords and connections strings?

  • miseldine

    Unencrypted :) Encrypt your connection string, encode it (Base 64 say), and put that output into your web.config file. Then when you need to use it, decode it, and decrypt it.

    As web.config files aren’t visible pubically on the web, I do wonder if its worth the effort. But then, no such thing as too secure with connection strings…