Henk Oberholzer

OK, this post is more of a reminder for myself, rather than being a tutorial or interesting observation...

When Microsoft Outlook blocks access to a certain attachment (by file type), the magic registry key that needs to be edited (and possibly also created), is: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security\Level1Remove (a string value). Note that the "12.0" part may be different depending on the version of Outlook you are using.

Within this key, add the extension of the file types you want to unblock separated by semi-colons, for example: ".chm;.exe"

Microsoft recommends restarting your computer to allow the changes to take effect, but simply restarting Outlook will probably be sufficient...

I've just completed my first project as an independent contractor and it feels great! Even managed to deliver well before the deadline after suffering some setbacks time-wise (although it did involve some late nights/early mornings).

Without going into detail, the project allowed me to gain some experience in developing for Windows Compact Edition, some networking, creating a multi-threaded user interface, and integrating with Quickbooks (financial accounting software). I also worked with SQLite for the first time, and although I never did manage to find a proper O/R mapper to use, I was quite impressed with its performance and ease of use.

Mental note: next time do better with keeping the specs and unit tests up to date!!

Information theft is a BIG thing and it’s only going to get bigger in the foreseeable future. Now, a lot of people talk the talk – but my question to you today is: do you walk the walk? Can you honestly say that in the event of your notebook OR desktop being stolen today, that you wouldn’t be worried about your data getting into the wrong hands? If your answer wasn’t a resounding “YES, I would not be worried”, then take the time to think about your security strategy today!

As a developer, I have a lot of information I need to protect, like:

1. Checked out source code (projects checked out of version control). This could be an end-to-end system complete with business rules, entire databases, detailed specifications, quotes, and basically anything an attacker or rival company would just love to get their hands on.

2. Databases. Mostly part of and similar to point 1, but likely to be in a different location on disk.

3. Emails, Tasks, Calendars, Contacts.

4. Virtual machine files. In my case this would include the hard disk files for VirtualBox machines, which might contain any of the before mentioned data.

5. Personal Files – Financial data, pictures, documents, etc.

My strategy is to use EFS to encrypt most of my day-to-day files – point 1, 2, and 3 from above. I use a combination of EFS and Truecrypt file containers for my personal data. My virtual machine files are not being encrypted at the moment – so I try to keep sensitive data out of there. I have a password manager to manage the multitude of passwords I have, this is great cause I can generate 20 character long passwords randomly and I never even need to know what they are (just copy and paste). Obviously, the password manager is protected by a loooong random password and a keyfile which is kept separate from the password database.

The major problem with all this encryption is performance. It slows everything down, which is the only reason why my virtual machine files aren’t encrypted at all. Unfortunately, one doesn’t really have a choice – either encrypt and accept the performance penalty, or leave unencrypted. The other problem which reared its head just the other day, was when I tried to access my files from my wife's computer – it just wouldn’t show the EFS files. Then I realised that XP Home doesn’t support EFS. As I would like my files to be fairly portable, this has meant that I’m now rethinking my encryption strategy. I’m now contemplating encrypting my entire data partition with Truecrypt – which should be fine except for the added nuisance of having yet another partition (which can't be resized)...

What strategy do you use?

I have a gmail address as my primary e-mail address. Is that a crime? No? Then why do some sites insist on only accepting email addresses from non-free providers? I mean I understand that spam is a problem, but surely banning all free email providers is not the solution.

I haven't had a non-free email address since working at my last full time job - before moving to a different continent for 3 months, and I've never had a long term contract with an ISP. In short, my gmail address is the most reliable, constant and "permanent" email address I've ever had!

Alas, there is a solution...It seems one can always use the newest, most obscure (and possibly quite dodgy) free email service a couple of times before it gets onto the list of banned sites...

A new version of MsSqlSchemaDoc (my project on Codeplex) has been released. This release contains only a single bug fix for a pretty serious issue which was causing the XSD validation to fail for DML triggers which are linked to more than one of the INSERT, UPDATE, or DELETE events.

Work on the project (and my blog) has been VERY slow over the last couple of months due to my relocation from South Africa to Perth in Australia. Nothing could have prepared my wife and I for how difficult it would be for us (both financially and emotionally) to move away from our family and friends to another continent where we know NO-ONE! Things seem to be falling into place a little bit more at the moment though, with the next (and one of the last) steps now being to find some stable employment...so if anyone knows of anyone who is looking for a developer in Perth, why not pass them or me a lead? :-)

MSSqlSchemaDoc is my project on Codeplex. I have just released version 4.1 which generates reports combining the schema information and user documentation into HTML files.

Overview

MSSqlSchemaDoc extracts schema information from a SQL Server database and saves it as xml files - one per object. It also creates separate xml files loosely resembling the structure of each object but with placeholders where you can add comments to document your database schema. Finally, it can combine the schema information and documentation texts into HTML documentation.

The main benefit of using MSSqlSchemaDoc is that the generated xml files can easily be placed under version control, allowing you to track changes to both your database schema and database documentation separately. It also allows easy browsing of the database documentation through the HTML files. In the latest version, 4.1, HHP (project) and HHK (index) files are also generated to assist with the creation of CHM files - effectively making it a one-step process.

Technical

The application works by defining classes which represent database objects, like tables, views, etc. These classes are decorated with attributes which control how the objects get serialized to XML. XSD schemas specify the expected structure of the XML and are used to validate each serialized object.

Due to performance problems with SMO, custom queries are used to extract the desired data from the database.

Note: Only SQL2005 and SQL2008 is currently supported - SQL2000 support is in the pipeline.

Visit the project page at: http://mssqlschemadoc.codeplex.com/

After accidentally breaking compatibility with Sql2005, this release should restore that compatibility while also fixing one or two other minor bugs...

Before making changes directly to a production database (inserts, updates, and deletes) I always start a transaction: "BEGIN TRAN".

If at any time during the change I see results which I didn't expect or if I accidentally run an update statement without a "WHERE"-clause ;-) I can simply rollback the changes and start over: "ROLLBACK TRAN".

Problem: After making some initial changes, I want to run an additional script to apply the next set of changes. I don't want to run the new script in the existing window because I want to preserve the result set from the first script. I can't open a new query window because it did not take part in the transaction which was started in the first query, so the query in the second window will be blocked until the first transaction is committed or rolled back.

What to do? Enter "sp_BindSession". By providing "sp_BindSession" with the appropriate token, I can "join" the transaction from the first query window. The required token can be retrieved from within the transaction by executing "sp_GetBindToken" (which returns a transaction ID). Neat, huh?

PS: A BIG THANKS to Paul Rony from SplendidCRM Software for answering my post on SQL Server Central with this info!

I finally finished the next iteration of MSSqlSchemaDoc by adding a facility for the user to add custom comments and notes to document the database objects.

The application creates objects documenting the structure of each database object (as per version 1), but will now also generate blank templates (separate from the schema) where user comments can be added. Comments are also preserved when re-generating.

The reason for keeping the user comments separate from the schema documentation is so that source control and versioning can run independently between schema changes and documentation changes. When looking for a schema change in a commit log, I sure don't want to have to trawl through all the comment changes!

Why not check it out and let me know what you think?

I've just completed the first release of MSSqlSchemaDoc on codeplex!

The application is used to extract the schema of a SQL database into XML files (one per object). I decided not to use SMO (Sql Management Objects) since they are quite slow when extracting this level of data (they issue multiple queries per object, instead of just the one or two that I do).

It all works by defining classes which represent database objects, like tables, views, etc. These classes are decorated with attributes which control how the objects get serialized to XML. XSD schemas specify the expected structure of the XML and are used to validate each serialized object.

Some of the work that still needs to be done:

- Creating XSL stylesheets to convert the XML into HTML reports
- Reversing the process to create the database from the XML files
- Support for CLR types, procedures, etc
- Support for SQL Server 2000

Check out the project at http://www.codeplex.com/MSSqlSchemaDoc and maybe even lend a hand in the development :-)