Craig S. Mullins


October 2009

The DBA Corner
by Craig S. Mullins

New Additions to the DBA Bookshelf

 

As my regular readers know, I am an avid reader, especially of technology books. And every now and then I review some of the more interesting database-related books in the DBA Corner column.

The first book I want to discuss is a very timely one: SQL Injection Attacks and Defense by Justin Clarke. This useful book, published by Syngress, is one that I readily endorse for all of my regular readers. If your job involves reading, writing, or managing your company's data, then you need to familiarize yourself with SQL injection attacks and how to defend against them. Not surprisingly, given its title, that is just what SQL Injection Attacks and Defense provides.

SQL injection is one of the most dangerous, yet misunderstood, security vulnerabilities on the internet. This book, which is devoted exclusively to this one threat, provides the knowledge and tactics you will need to understand and combat SQL injection attacks. From the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures, the book is a SQL injection tour de force. The book is up-to-date and covers unique, heretofore unavailable information. One quick example of a major benefit of this book: you can minimize your risk of experiencing SQL injection attacks by implementing the code-level and platform-level defenses offered in Chapters 8 and 9.

If you are a DBA, programmer, or system analyst involved in writing internet applications using database systems, then you owe it to yourself to buy and read SQL Injection Attacks and Defense. It just may save your data!

I've also recently received several interesting books on managing Microsoft SQL Server. Let's start with Kevvie Fowler's comprehensive tome, SQL Server Forensic Analysis (Addison Wesley). The techniques outlined in this book can be used to identify unauthorized data accesses and to gather the information needed to recover from an intrusion by restoring your pre-incident database state.

In this day and age, forensic analysis is also a growing need for regulatory compliance, but these disciplines are rarely applied to database systems. SQL Server Forensic Analysis teaches how to remedy that situation. You can use the guidance in Fowler's book to begin collecting and preserving database artifacts safely and non-disruptively.

One of my favorite chapters is the case study that walks through a real-world investigation from start to finish. But that is not the only beneficial chapter of this book. Can you identify, extract and analyze evidence from unpublished areas of SQL Server? Are you able to detect and circumvent SQL Server rootkits? Can you identify and recover previously deleted data using nothing more than native SQL Server commands? After reading SQL Server Forensic Analysis, you can answer "Yes, I can!"

The other useful SQL Server book I've been digesting recently is Microsoft SQL Server 2008 Reporting Services Unleashed (SAMS Publishing). This newly updated edition of a successful book tackles SQL Server's business intelligence capabilities. It offers in-depth coverage, including the new features added with Service Pack 1 (SP1), as well as the R2 release of SQL Server 2008. The book works as both a reference and a guide. My favorite feature is the wealth of useful examples that assist readers in building their own analytical reports using SQL Server.

The last book we will discuss is Oracle Essbase 9 Implementation Guide (Packt). If you are using Oracle's Essbase solution for OLAP processing, then this is a nice book to help guide your development efforts.

The style of the book is highly readable and its coverage is thorough. The book teaches both the concepts of multidimensional database technology and the specifics of using Essbase. Again, I particularly enjoyed the step-by-step examples, but the many tips and tricks for improving your development and management experience with Essbase are invaluable, too.

New database books are published all the time and some of them are quite good. That is the case with the four books we've examined in this month's DBA Corner. These books provide interesting and informative coverage of database management topics that should be of interest to DBAs. Consider taking a look at one ... or all of them yourself.

 

 

 

 

From Database Trends and Applications, October 2009.

© 2009 Craig S. Mullins, All rights reserved.
