How to Test SMTP Server is working ?
December 5, 2011
Here is way how can you test that SMTP Server is working on SMTP Port 25.
· Open Command window by typing cmd.
· Type the following command where smpt.yourdomain.com is the address of the smtp server and 25 is the default port number.
o Telnet smpt.yourdomain.com 25
· You will see the output:
o 220 mailserver.yourdomain.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Sat, 3 Dec 2011 08:34:14 +0200
· The above message indicates that SMTP has been configured or the existing server IP has been added to SMTP relay.
· For more detail you type help the response will be:
o When you type the ‘help’ command the available commands are listed:
214-This server supports the following commands:
214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
In case of failure you can check the current server IP is added into SMTP server relay list.
All the best!
CWE/SANS TOP 25 Most Dangerous Programming Errors
July 20, 2011
CWE/SANS TOP 25 Most Dangerous Programming Errors
Experts Announce Agreement on the 25 Most Dangerous Programming Errors – And How to Fix Them
Agreement Will Change How Organizations Buy Software.
Each entry at the Top 25 Errors site also includes fairly extensive prevention and remediation steps that developers can take to mitigate or eliminate the weakness.
CATEGORY: Insecure Interaction Between Components
CWE-20: Improper Input Validation
It’s the number one killer of healthy software, so you’re just asking for trouble if you don’t ensure that your input conforms to expectations…MORE >>
CWE-116: Improper Encoding or Escaping of Output
Computers have a strange habit of doing what you say, not what you mean. Insufficient output encoding is the often-ignored sibling to poor input validation, but it is at the root of most injection-based attacks, which are all the rage these days…MORE >>
CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
If attackers can influence the SQL that you use to communicate with your database, then they can…MORE >>
CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications…If you’re not careful, attackers can…MORE >>
CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
When you invoke another program on the operating system, but you allow untrusted inputs to be fed into the command string that you generate for executing the program, then you are inviting attackers…MORE >>
CWE-319: Cleartext Transmission of Sensitive Information
If your software sends sensitive information across a network, such as private data or authentication credentials, that information crosses many…MORE >>
CWE-352: Cross-Site Request Forgery (CSRF)
With cross-site request forgery, the attacker gets the victim to activate a request that goes to your site. Thanks to scripting and the way the web works in general, the victim…MORE >>
CWE-362: Race Condition
Attackers will consciously look to exploit race conditions to cause chaos or get your application to cough up something valuable…MORE >>
CWE-209: Error Message Information Leak
If you use chatty error messages, then they could disclose secrets to any attacker who dares to misuse your software. The secrets could cover a wide range of valuable data…MORE >>
CATEGORY: Risky Resource Management
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
Buffer overflows are Mother Nature’s little reminder of that law of physics that says if you try to put more stuff into a container than it can hold, you’re…MORE >>
CWE-642: External Control of Critical State Data
There are many ways to store user state data without the overhead of a database. Unfortunately, if you store that data in a place where an attacker can…MORE >>
CWE-73: External Control of File Name or Path
When you use an outsider’s input while constructing a filename, you’re taking a chance. If you’re not careful, an attacker could… MORE >>
CWE-426: Untrusted Search Path
If a resource search path is under attacker control, then the attacker can modify it to point to resources of the attacker’s choosing. This causes the software to access the wrong resources at the wrong time…MORE >>
CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
For ease of development, sometimes you can’t beat using a couple lines of code to employ lots of functionality. It’s even cooler when…MORE >>
CWE-494: Download of Code Without Integrity Check
You don’t need to be a guru to realize that if you download code and execute it, you’re trusting that the source of that code isn’t malicious. But attackers can perform all sorts of tricks…MORE >>
CWE-404: Improper Resource Shutdown or Release
When your precious system resources have reached their end-of-life, you need to…MORE >>
CWE-665: Improper Initialization
Just as you should start your day with a healthy breakfast, proper initialization helps to ensure…MORE >>
CWE-682: Incorrect Calculation
When attackers have some control over the inputs that are used in numeric calculations, this weakness can lead to vulnerabilities. It could cause you to make incorrect security decisions. It might cause you to…MORE >>
CATEGORY: Porous Defenses
CWE-285: Improper Access Control (Authorization)
If you don’t ensure that your software’s users are only doing what they’re allowed to, then attackers will try to exploit your improper authorization and…MORE >>
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
You may be tempted to develop your own encryption scheme in the hopes of making it difficult for attackers to crack. This kind of grow-your-own cryptography is a welcome sight to attackers…MORE >>
CWE-259: Hard-Coded Password
Hard-coding a secret account and password into your software’s authentication module is…MORE >>
CWE-732: Insecure Permission Assignment for Critical Resource
If you have critical programs, data stores, or configuration files with permissions that make your resources accessible to the world – well, that’s just what they’ll become…MORE >>
CWE-330: Use of Insufficiently Random Values
If you use security features that require good randomness, but you don’t provide it, then you’ll have attackers laughing all the way to the bank…MORE >>
CWE-250: Execution with Unnecessary Privileges
Spider Man, the well-known comic superhero, lives by the motto "With great power comes great responsibility." Your software may need special privileges to perform certain operations, but wielding those privileges longer than necessary can be extremely risky…MORE >>
CWE-602: Client-Side Enforcement of Server-Side Security
Remember that underneath that fancy GUI, it’s just code. Attackers can reverse engineer your client and write their own custom clients that leave out certain inconvenient features like all those pesky security controls…MORE >>
Resources to Help Eliminate The Top 25 Errors
The TOP 25 Errors List will be updated regularly and will be posted at both the SANS and MITRE sites
www.sans.org/top25
cwe.mitre.org/top25/
Exams
—–
MCTS prerequisite: TS: Microsoft SharePoint 2010, Application Development
Exam 70-573 (You will be after this exam MCTS – Microsoft Certified Technology Specialist)
MCPD requirement: PRO: Designing and Developing Microsoft SharePoint 2010 Applications
Exam 70-576
MOCs/Official Training
———————-
10175 TS: Microsoft SharePoint 2010, Application Development
10231 IT Pro: Designing and Deploying Microsoft SharePoint 2010
Books
—–
MS Press Microsoft SharePoint 2010 Administrator’s Companion
by Bill English, Mark Ferraz, and Brian Alderman
For more information
——————–
http://www.microsoft.com/learning/en/us/certification/mcpd.aspx#tab2
http://www.newhorizons.com/Microsoft-MCPD-SharePoint-Developer-2010.aspx
Clustr Maps
June 20, 2011
Provides free HTML link that gives you a tiny map. When it loads, it increments a counter and shows the locations of all visitors to your page, cumulatively (even for huge numbers). Clicking on it zooms in to a big world map, and (optionally) lets you zoom in to the continents, as in the example above. For light users (under 2500 visitors daily) the service is free, forever, and stores cumulative totals up to millions of visitors.
Best Practices – MS SQL Server Programming
April 17, 2011
Best Practices – MS SQL Server Programming
Contents
1) Query Constructs
2) Code Re-useable Techniques
3) Environment Settings
4) Coding Style
5) Naming Conventions
6) Other Useful tips
1) Query Constructs
Expressions
o Simple & Complex Expressions
Clauses
o Select, From
o Where
o Group by
o Order by
o Having
o Insert, Update, Delete
o INTO
Joins
o Inner
o Outer (Left, Right, Full)
o Cross
Iterations
o Cursors (Static, Dynamic)
o While Loops
Derived & Temporary Tables
o Sub-Query
o Local & Global Temporary Tables
Apply Clause
o Outer Apply
o Cross Apply
LIKE, TOP, UNION, UNION ALL, EXCEPT, INTERSECT
TRYCATCH
Things to consider
Avoid to use expressions in where clause
Always use Column names list in Select Clause, avoid using SELECT *
Restrict data rows selection by using WHERE clause
Avoid using WHERE IN (query), convert it into joins or apply clause.
Use the GROUP BY clause to filter group function results by the columns of the SELECT statement instead of grouping every record
Use the HAVING clause to filter groups based on group function values instead of using WHERE to filter records before they are grouped
Use GROUP BY clause to gather distinct values instead of DISTINCT clause.
Do not use the column numbers in the ORDER BY clause as it impairs the readability of the SQL statement. Further, changing the order of columns in the SELECT list has no impact on the ORDER BY when the columns are referred by names instead of numbers.
Use the more readable ANSI-Standard Join clauses instead of the old style joins. With ANSI joins the WHERE clause is used only for filtering data. Whereas with older style joins, the WHERE clause handles both the join condition and filtering data.
Try to avoid server side cursors as much as possible. Always stick to ‘set based approach’ instead of a ‘procedural approach’ for accessing/manipulating data. Cursors can be easily avoided by SELECT statements in many cases. If a cursor is unavoidable, use a simple WHILE loop instead, to loop through the table.
Use derived and temporary tables to make filtered data selections as per requirement.
Avoid using global temporary tables
Avoid using INLINE queries.
Try to avoid wildcard characters at the beginning of a word while searching using the LIKE keyword, as that results in an index scan, which is defeating the purpose of having an index, also avoid searching with not equals operators (<> and NOT) as they result in table and index scans.
Avoid to use of dynamic SQL, if necessary use with care as it leads to SQL injection.
2) Code Re-useable Techniques
Procedures
o Temporary (Local & Global) Procedures
o System Procedures
o Extended Procedures
o Internal Procedures
o User Procedures
Functions
o Scalar UDFs
o In-Line and Table-valued UDFs
o Built-in Functions
Triggers
o After Triggers
o Instead Of Triggers
o CLR Triggers
Views
o Standard views
o Indexed views
o Partitioned views (Local & Distributed)
o Parameterized views
Code Re-useable Techniques Best Practices
include SET NOCOUNT ON statement
Use schema name with object name
Do not use the prefix sp_ in the stored procedure name
Use IF EXISTS (SELECT 1) instead of (SELECT *)
Use the sp_executesql stored procedure instead of the EXECUTE statement
Try to avoid using SQL Server cursors whenever possible
Keep the Transaction as short as possible
Use TRY-Catch for error handling
User defined function are most likely not recommended.
Views are mostly implemented to hide complex logics, for security reasons or to hide actual implementations.
Always avoid making view on other views.
3) Environment Settings
Date and time statements
o SET DATEFIRST (@@DATEFIRST)
o SET DATEFORMAT (mdy)
Locking statements
Miscellaneous statements
o SET CONCATE NULL YIELDS NULL
o SET IDENTITY INSERT
Query execution statements
o SET NOCOUNT
o SET ROWCOUNT
4) Coding Style
Adopt a convention
Use indenting to help break up the sequence of statements, so that conditional statement flow is readily apparent.
Some people like to use a fixed 3- or 4-spaces per indent level, while others like it to vary depending on the statement preceding the indent.
Capitalize the entire keyword that SSMS would display in blue (e.g. within a stored procedure).
Camel case the names of system functions like CharIndex() .
Keep lines short so that horizontal scrolling isn’t necessary.
Use Begin and End blocks. Place the Begin at the end of the conditional clause and place the End on its own line but at the same indent level as the If or While that initiated its use.
Use SET for assignment statements. An exception is SELECT @Err=@@Error, @RC=@@RowCount when both assignments must be made at the same time.
Use SELECT for assignment statements that require a query.
Dispense with the superfluous AS in data type statements and when aliasing.
5) Naming Conventions
Tables
Mostly no need any prefix, but we are using tblXXXXX
o Name should be descriptive for an entity
o Use prefix for look up tables like luXXXX or tblLUXXXX
o Many-to-many (conjoint) tables should be separated by underscore.
o Table/Entity name may be singular or plural.
o Never use a name that requires [ ].
o Columns
o Avoid underscores
o Never use column name that require [ ]
o Dont use abbreviation, name should be descriptive.
o Primary key should be same in all tables (Parent & Child)
Views
o Common prefix used vwXXXX or vXXXXXX
o Avoid use of underscores
o Should be under particular schema.
Procedures
o Prefix may be uspXXXX or sProjectDESCRXXXXX
o Should be under particular schema.
Functions
o Common prefix used ufnXXXX or fnXXXX or udfXXXXXX
o Must be associated to schema.
Alias Names
o Use initials of each word from table name
o Always specify name to an expression or computed column
6) Other Useful Tips
Do not depend on undocumented functionality.
Do not use varchar fields for dates. SmallDateTime is sufficient for most purposes.
NULL and NOT IN Predicate
Incorrect sub-query column, care mostly in DML statements
Predicate evaluation order (From, Where, group by, having, Order by)
Avoid the use of excessive cursors. They are slow and very rarely necessary.
Avoid the use of triggers. When used, focus on its complexity, if it is complicated, it will slow down DML.
Write comments in your stored procedures, triggers and SQL batches generously, whenever something is not very obvious. This helps other programmers understand your code clearly.
General template to write batch codes:
Comments:
Program Name:
Programmer:
Date Created:
Purpose:
Dependency:
History of Changes:
Use ‘User Defined Data types’, if a particular column repeats in a lot of your tables, so that the data type of that column is consistent across all your tables.
Minimize the usage of NULLs, as they often confuse the front-end applications, unless the applications are coded intelligently to eliminate NULLs or convert the NULLs into some other form.
Always access tables in the same order in all your stored procedures/triggers consistently. This helps in avoiding deadlocks. Other things to keep in mind to avoid deadlocks are: Keep your transactions as short as possible. Touch as less data as possible during a transaction. Never, ever wait for user input in the middle of a transaction.
Offload tasks like string manipulations, concatenations, row numbering, case conversions, type conversions etc. to the front-end applications, if these operations are going to consume more CPU cycles on the database server. Also try to do basic validations in the front-end itself during data entry. This saves unnecessary network round trips.
Internet Explorer 9 – Developer Overview
March 18, 2011
Download Wallpapers
Download Slide Show – IE9 Dev Overview by Asim
Here are the link that I used in today’s session “Internet Explorer 9 – Developer Overview”.
Beauty of the Web – IE 9 Download it
IE 9 Test Drive
Test Border in dfferent Browsers
Flying Images
Network Monitoring
API -Window.msPerformance
What is your browser of choice?
Are you an ex-IE user considering a return?
Let us know using the comments below.
Internet Explorer 9
March 17, 2011
On 14th March 2011, the final version of Inter Explorer 9 has been launched.
Thanks to Brine Hall General Manager Internet Explorer / Windows Live and his brilliant team.
Drop Hash(#)/Temp Table If Exists
October 13, 2010
Drop Hash(#)/Temp Table If Exists
Every time you execute your query you have to drop the Hash(#) table by check Drop if Exist or you get the message “There is already an object named ‘#temp_Table’ in the database.”.
There is another good way to solve this by checking the TempDB database which keeps the temp tables and we can only check if exist drop it.
Here is code:
IF OBJECT_ID(‘tempdb..#temp_Table’) IS NOT NULL
BEGIN
DROP TABLE #temp_Table
END
Passing Arrays in SQL Parameters using XML Data Type in SQL Server 2005
A very good technique using XML as parameter to SQL stored procedures. Passing an array of objects to a stored procedure improves performance for batch operations. This can improve both the performance and scalability of an application.
I have already implemented it by passing collection of objects as XML and then retrieving in SQL procedure, if someone needs help.
Using XML data types in SQL Server 2005, we can pass an array of values from an application server to the database.
Introduction
Passing arrays of values as SQL parameters has always been troublesome in T-SQL. In SQL Server 2005, the XML data type can help simulate arrays.
Using XML
One of the big highlights of SQL Server 2005 is the introduction of the XML data type. XML is great for transporting all sorts of structural information. Using XML, we could implement the scenario from the previous section. We would simply convert an array (e.g. {42, 73, 2007}) into an XML document:
<list>
<item>42</item>
<item>73</item>
<item>2007</item>
</list>
This approach would have many advantages:
- Extracting the information from the XML document in T-SQL is straightforward using the x-query capability of T-SQL.
- There are special characters in the serialization process (e.g. <, >), but the escaping mechanism of XML is well known and is taken care of by T-SQL.
- The semantics of the stored procedure are somewhat clearer, since
XMLalways represents a package of information.
Using the Code
The mini-library proposed in this article consists of a static helper class in C# and a T-SQL function. The static class has one method:
public static SqlXml GetXml(IEnumerable list)
{
//We don't use 'using' or dispose or close the stream,
//since it leaves in the return variable
MemoryStream stream = new MemoryStream();
using (XmlWriter writer = XmlWriter.Create(stream))
{
writer.WriteStartElement("list");
foreach (object obj in list)
{
writer.WriteElementString("item", obj.ToString());
}
writer.WriteEndElement();
stream.Position = 0;
return new SqlXml(stream);
}
}
It takes a list of objects (any type of object; it simply relies on the ToString implementation) and returns an XML variable ready to be fed to an SqlParameter. On SQL Server, the function is an inline table function:
CREATE FUNCTION [lm].[SplitList]
(
@list AS XML
)
RETURNS TABLE
AS
RETURN
(
SELECT tempTable.item.value('.', 'VARCHAR(MAX)') AS Item
FROM @list.nodes('list/item') tempTable(item)
);
It takes an XML parameter and returns a table with one column where each row is the content of an XML node.
For detailed reference: http://www.codeproject.com/KB/reporting-services/PassingArraysSQLParameter.aspx
Implementing Optional Parameters in T-SQL Stored Procedures
October 4, 2010
Implementing Optional Parameters in T-SQL Stored Procedures
A handy technique when dealing with optional parameters at Stored Procedure Level (T-SQL).
Let: You have a stored procedure GetCustomers with two parameters: LastName, FirstName. The stored procedure returns all the records matching the values of the parameters. You want the parameters be optional, which means skipping the parameter if you do not pass a value.
T-SQL does not provide optional parameters, but you can implement one.
1. You have original stored procedure
2. Add =null at your parameter declaration of the stored procedure
3. Add IS NULL at your WHERE clause
-
- image004
-
- image007
4. Now you have optional parameters in the stored procedure
