Re: What so special about PostgreSQL and other RDBMS?

"Greg D. Moore (Strider)" <mooregr_deleteth1s_at_greenms.com> wrote in message news:bNSpc.200462$M3.149289_at_twister.nyroc.rr.com...
>
> "Jim Kennedy" <kennedy-downwithspammersfamily_at_attbi.net> wrote in message
> news:5lSpc.62944$xw3.3682312_at_attbi_s04...
> > >
> > Fire wall is blocked on those ports and many more, has been for a many
> > years. That's not the problem. The problem is when one of these things
> > gets inside the firewall then the firwall doesn't help much does it?
>
> In other words, you have a jelly donut of a network. Again, why are you
> blaming a poor security design on the OS?

Should read:
" In other words, you have a jelly donut of a network. Again, why are you  blaming a poor security design on the poorly designed OS?"

Security is not locking everything up so no one can get to anything. Sure you won't have any "breaches", but you won't have any access either. If the problem was only Slammer I wouldn't worry about it, but it happens about aevery 3 or 4 months despite staying up with patches. (and all the attendant testing before putting a patch into production. Don't have all that problem on my UNIX boxes and they get some patches, just not as many and not as urgent. Why? Because the OS is a heck of a lot more secure. The manufacture is more careful. I go by pragmatic experience and not some nebulose claim that the company's security is at fault. (eg companys are not hit as hard with attacks on non-windows production systems, and they do happen, because the supplier is a better more careful producer of software and hardware.)
>
> >Gee,
> > don't have this problem on port 1521 with Oracle.
>
> "So Far". That's the problem with approaches such as patching to
security.
> It assumes you know about the threat. What happens if someone tomorrow
> comes out with the Oracle version of slammer? You're in just as much
> trouble.
>

I assure you that if it was vulerable it would have happened. Larry put out the Unbeakable challange in 8i (years ago) and of course attracted a lot of hackers. Nothing came of it and it has been years. As I said before, it is a matter of what the vendor thinks is important. MS doesn't think its important.
>
> > If it were as shoddily
> > written as MS SQLServer's security you know people would be attacking
it
> > and it would be in the news. It isn't because the products come from 2
> > different mind sets. When someone's mainframe goes down or suffers an
> > undexpected service interuption then the CEO is on the phone with the
CEO
> of
> > the mainframe company demanding to know why and when the fix is going to
> be
> > installed. I remember encountering a problem with Oracle's SQLNet
product
> > to DB2 running on a mainframe, where if the client rebooted it locked up
a
> > CPU on the mainframe. American Transtech called Oracle and Oracle had
> > someone out there to fix it the next morning. (from California to
> > Jacksonville) When someone's PC goes down people don't call MS (because
> > that is useless);
>
> It is? Gee, I guess those times where they've fixed my problems is just a
> myth.

Logic problems are not the same as finding a major problem with a vendor's product. I love it that you haven't given one example where you found a new (new to the vendor - MS) critical (to you) flaw in their software and they produced a patch for you. You can't because MS won't do that. Had problems with them for over a decade and not once did they issue a patch to fix my problem. Yet, I have with other major software vendor's repeatedly.

>
>
>
Received on Sun May 16 2004 - 19:17:36 CDT