Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle versus Sqlserver

Re: Oracle versus Sqlserver

From: kc <kc_news2000_at_yahoo.com>
Date: 25 Jan 2002 07:37:13 -0800
Message-ID: <a20fe1ab.0201250737.61d608a8@posting.google.com>


I will give my perspective of the two. First off I work for a global company as a Systems Admin/Security administrator/Jr. DBA. I do a lot of auditing and penetration testing for my company. We have a mix of Windows, Unix, Linux, and Macs.

I believe each package has merits. However, as a rule most SQL server DBAs lack good training and experience. It is usually trivial to hack into a SQL server machine vs. an Oracle box. This is primarily due to the skill of the DBA. When you consider the corresponding weaknesses of the security of the Windows platform the issue becomes more critical. It is harder to crack an Oracle box because of the general background of Oracle DBAs. I have encountered many SQL server machines that do not have a password for "SA" account (Is that part of the MCDBA training?? It always amazes me when I find this.). I have never encountered an Oracle box that did not have a password for the "SYS" or "SYSTEM" account. Oracle on something other than Windows is a very good bet for security. SQL server on Windows can be a major problem waiting to happen. Fact: The majority of credit card thefts from Ecommerce Sites are successful by exploiting a SQL Server/Windows vulnerability or misconfiguration.

I know for a fact that the Oracle Authorized Training goes into depth about limiting access, roles, network security, etc. I have not attended any SQL server classes but suspect that type of material is not covered. I know in my MCSE classes security was not even covered. Maybe Microsoft will change and react to these issues in the future? I think the root of the problem is that many companies think that an "MCSE" or "MCDBA" is more valuable than experience and product history. Pay now or pay more later for your operating system/database and the staff to run it.

Meanwhile the script kiddies are pillaging the weak and misconfigured....... Received on Fri Jan 25 2002 - 09:37:13 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US