SQL Internals and Advanced Dynamic Search

Agenda:

• 17:30-18:00 - Gathering, Networking, Hugs and Kisses

• 18:00-18:15 - Opening, Announcements, and More...

• 18:15-19:45 - First Session (SQL Internals – Physical Table Structure Under the Hood and Implementation on Real Case Scenarios)

• 19:45-20:00 - Break (More Networking)

• 20:00-20:45 - Second Session (Advanced Dynamic Search Queries and How to Protect Them)

Sessions:

1. SQL Internals – Physical Table Structure Under the Hood and Implementation on Real Case Scenarios – Ronen Ariely (90 Minutes, Hebrew)

Understanding what we have under the hood is not only done for the sake of learning a theory, but it is directly impacts our daily work, and it can help us to improve performance and reduce resources dramatically.
During this session we will go over the structure of tables behind the scenes. We will see the changes behind the scenes related to actions which we execute on the table. Using this information, we will demonstrate several real case scenarios, and the dramatic impact of understanding the internals on choosing our solution.
Is order of columns important? Is dropping a column the right solution? Questions like these are very common in the forums, and usually do not get the right answer.
This session is a live demo.

2. Advanced Dynamic Search Queries and How to Protect Them – Eitan Blumin (45 Minutes, Hebrew)

No, it’s not yet another presentation about SQL injection. We all know how to protect from SQL injections already. But that’s only relevant when you know in advance which columns can be queried by the user and using what kind of operators (“equals”, “like”, “between”, etc.). Instead, what I really want to talk about is when you actually don’t know in advance which parameters to expect, you don’t know in advance the chosen operator to use per each parameter, and you actually want to give the user truly full unlimited control over search criteria. We’ll discuss different methods of achieving advanced scenarios, the pros and cons of each, and most importantly: how do you do it without fear of malicious attacks.