DATABASE BACKUPS, RECOVERY, AND MAINTENANCE in C#.net

Display Data Matrix 2d barcode in C#.net DATABASE BACKUPS, RECOVERY, AND MAINTENANCE

Each type of PIMList can contain an arbitrary number of categories. Categories logically group together groups of items. In a ToDo list, you might have separate categories for Sales, Research, Projects, and Personal. Then, when adding a new ToDo item, you could choose to assign it to an appropriate category. Note: Preloaded BlackBerry applications sometimes refer to a category as a Filter. Categories are entirely optional. PIMList includes a special type of category called UNCATEGORIZED that is associated with every item in the list that does not belong to any category. If you do choose to assign a category to an item, that category must already exist. You can determine this by querying the associated list as shown below. String[] categories = contacts.getCategories(); Categories in PIM are more like tags than folders. Each individual item might belong to zero, one, or many categories. If you need to pick up flowers for a co-worker s birthday party, you might file that in your ToDo list under both Projects and Personal. Later, when you filter by Projects, Personal, or all, you will see that reminder. Figure 6-2 shows a theoretical user s address book as organized by categories.

Maintaining multiple keychains like this allows us to organize data and assign different credentials and security policies to each keychain. This provides a very secure environment. However, there are still a few considerations that will be missed by most users. First and foremost, it s important to ensure that each keychain (outside of your login keychain) has a globally unique password: if the keychain password itself is the same as a password utilized elsewhere, it is possible that it will be compromised, especially if that password is saved in a keychain somewhere; if a password item in Keychain A has the same credentials as those used by Keychain B itself, Keychain B will be compromised if Keychain A is first compromised. If Keychain A in this example is the login keychain, then this is exceptionally bad. Because the login keychain utilizes the same password as the user s password by default, its credentials are more exposed. Consider this: a user s login password is stored in the form of a hash on the local hard drive. On an OS X client machine by default a user s password is stored solely in the form of a SHA-1 hash inside the folder /var/db/shadow/hash. Thankfully, this file is protected with root-only access, so to access this file, a malicious user will need to either compromise your machine remotely, or gain physical access. Additionally, SHA-1 has proven to be a tough nut to crack, and is generally considered in the security industry to be a very secure algorithm. So the presence of this hash isn t a huge problem in and of itself. The problem is that SHA-1 is not necessarily the only hash format that is stored in this file. For instance, if you enable Windows file sharing for a user, an NTLM hash is then added to the user s hash file. Not all hashes are created equal, and NTLM has proven to be very susceptible to attack. In fact, a six-digit password stored in the NTLM hash can typically be cracked in a matter of minutes. Like a series of dominoes, once the login password is obtained, the login keychain is felled. If the login keychain has a single saved password containing the same password as one of your other keychains, then those keychains are also compromised, along with all of the items that they might contain. Suddenly this one small weakness has resulted in all encryption being negated. To avoid such a chain reaction, common security practices can save the day. First and foremost, make sure that your login password is secure: at least eight characters, containing at least one alphabetic character, one capital character, one number, and one special character. The longer the password, the more secure it is from cracking. Additionally, avoid enabling Windows file services on an OS X client machine,

would be available for everyone to use, to study, and to adapt. It would be free, in the same sense as free speech shared and unrestricted. This gave rise to the vital concept of free software and soon GNU, and the FSF, became not just a programming venture, but also a political movement.

So far, this chapter has examined how to implement cryptographic systems within your app. You have seen how this requires making appropriate choices about the specific crypto algorithm you will use, how to create and distribute keys, and other issues. However, it is possible to get cryptographic security through existing systems without inventing your own. Consider the options covered in this section if you want more passive protection.

To apply this umask in OS X 10.5 or later, simply run the umask command with the desired mode /usr/bin/umask 002. Unfortunately, executing umask may not affect all running processes, and the result won t persist across reboots. To remedy the situation, we recommend using the launchduser.conf file found at /private/etc/launchd-user.conf. To set this, simply run echo "umask 002" >> /private/etc/launchd-user.conf as root. That s it. Reboot and you re done. From now on, whenever your machine boots up, it will read this file and set the desired umask value for any user sessions.launchd.conf at the root of their home directory. If you re running OS X 10.4 or earlier, the process for changing the umask is slightly different and a lot more complex. We recommend installing the program Umask Doctor and setting it to launch at login if you do not wish to do this programatically. This utility specifically performs this duty, and it works out pretty well. Alternatively, you can simply make the change via the defaults command run with root/sudo privileges:

The last section in this chapter is our first look at locking down security within SQL Server. The Surface Area Configuration tool, or SAC, which is new to SQL Server 2005, is not, as the name may imply, a tool for configuring what parts of SSMS are displayed on your screen or how. This tool is a method for reducing the number of services and components of SQL Server that run to help protect SQL Server from a security breach. You can also change how SQL Server runs to the same end. This tool does have a number of areas that can be configured, but we will take a look at only four of these services, which will give you good grounding in how to work with the other services and components when the need arises. Every item within this tool can be dealt with from another means within your computer. For example, with services, you can also do the same actions we will be performing from Control Panel Administrative Tools Services. The benefit of the Surface Area Configuration tool, though, is that it offers a unified interface and brings together all the items required to keep security of SQL Server at its optimum, in one place.

1. The first example will use CAST to move a number to a char(10). DECLARE @Cast int SET @Cast = 1234 SELECT CAST(@Cast as char(10)) + '-End' 2. Executing this code results in a left-filled character variable, as shown in Figure 11-38.

However, because the EmployeeID column in the Employees table is an IDENTITY column, you can t explicitly assign a value to it.

<Canvas xmlns="http://schemas.microsoft.com/client/2007" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" Width="640" Height="480" Background="White" x:Name="Page"> <Canvas Canvas.ZIndex="1" Width="214" Height="145" Canvas.Top="59" Canvas.Left="8"> <Rectangle Width="191" Height="104" Fill="White" Stroke="Black" Canvas.Top="19"/> </Canvas> <Canvas Canvas.ZIndex="0" Width="254" Height="162" Canvas.Left="69" Canvas.Top="129"> <Rectangle Width="211" Height="154" Fill="Black" Stroke="Black"/> </Canvas> </Canvas>