Re: Microsoft destroys TPC-C records!

Yes, you could bash Microsoft for shipping a product with a serious bug in MS-SQLServer7.

Without the patch, anyone can run a particular type of query using a particular form and gain sa rights, even if he or she connected to SQL Server as a regular user. What are the "particulars" for running the query? I'm not going to say because it would make life easier for a potential hacker. But be warned: If I know how to crack a SQL Server without this patch, other people know as well. Apply the patch now. (You can find FAQs about this vulnerability and the patch at http://www.microsoft.com/technet/security/bulletin/fq00-014.asp.)

In comp.databases.sybase Jerome Lecomte <jlecomte_at_ifrance.com> wrote:

> Nathan Myers page has a very interesting article
> http://www.cantrip.org/nobugs.html. I personally don't agree with Mr
> Myers conclusions. It shows to me that MS targets (at least used to
> target) broad audiance with little expectations about how the software
> should behave : with respects to bugs in particular. MS is cheaper,
> but lower quality too. I don't know if they keep coping with this
> strategy on databases. If yes, I don't know either how much desktop OS
> users look like database users.

--
http://www.cooper.com.hk Received on Thu Mar 23 2000 - 19:43:40 CST