Month: June 2013

Maintaining the Security-Worthlessness of Java is Oracle’s Priority

Nandini Ramani, leader of Oracle’s Java development, wrote an interesting blog post last week on all the security vulnerabilities that have been plaguing Java here recently. Actually it was more of a defense of “Hey, it’s hard writing software and we have to follow these procedures that are REALLY complicated”. Let’s look at some of what was said…

“Over the past year, there have been several reports of security vulnerabilities in Java, primarily affecting Java running in Web browsers.”

Well, it hasn’t been just reports. That makes it sound like a bigfoot sighting or something. These were very serious security holes that Oracle tried to not respond to and just release patches as quickly as possible. Like those horror movies where the woman is hunkered down in the closet with the baddie in the bedroom saying “please don’t find me… please don’t find me”.

“Whenever Oracle makes an acquisition, acquired product lines are required to conform to Oracle policies and procedures, including those comprising Oracle Software Security Assurance. As a result, for example, the Java development organization had to adopt Oracle’s Security Fixing Policies, which among other things mandate that issues must be resolved in priority order and addressed within a certain period of time.”

Well, except that Oracle has owned Java since 2009. Sorry guys, it’s 2013 and these procedures should be much more fluid. That and the...


SSIS Row Comparison By Checksum

I recently ran across an SSIS package that needed to be rewritten that included the Checksum Transformation from . The main reason was that they wanted the removal of the component because they were using it to compare rows instead of using something like a Slowly Changing Dimension Transformation (SCD). While their process seemed to be solid on the surface, they were having problems with it not accurately identifying changes in certain columns. Right away I knew that the issue was related to the columns in question being text data types. I knew this specifically because I had written, A LOOOONG time ago, a database comparison tool that used checksums as part of the data comparison algorithm.

The problem stems from the fact that SQL Server and really a lot of Checksum algorithms cannot accurately compare certain types of fields. Specifically, from MSDN…

Syntax

    CHECKSUM ( * | expression [ ,...n ] )

Arguments

    *
    Specifies that computation is over all the columns of the table. CHECKSUM returns an error if any column is of noncomparable data type. Noncomparable data types are text, ntext, image, and cursor, as well as sql_variant with any of the above types as its base type.

Now while the component doesn’t necessarily use the CHECKSUM function within SQL Server, it still suffers from the same limitation. You do however have some options....
