Re: SQL Server for Oracle DBAs

From: Harvey <>
Date: Sat, 31 May 2008 22:33:49 -0400
Message-ID: <>

Tony Rogerson wrote:

>> exploited a Microsoft SQL Server vulnerability that was over a year 
>> old, one that was patched in early 2006 by the MS06-014 security update.
>> Source:

> Only you could think MDAC has anything to do with SQL Server - it
> hasn't. It's no more anything to do with SQL Server than ORacle's ODBC
> driver - they are just other products that allow connection to SQL
> Server, also, it refers to SQL SErver 2000 which is no longer supported
> by Microsoft - the majority are on SQL Server 2005.
>> one of the more prominent tech news organizations, reported the company
>> RealNames informed customers that its customer information database 
>> had been breached and the attackers had walked off with valuable 
>> nformation, to include credit card numbers.
>> Source: 
>> And there are thousands more where these came from.

> More in Denial comments.
> Brian Kelley talks about the importance of securing databases; he does
> talk about Slammer which was SQL 2000 and 8 - 9 years ago; SQL 2000 is
> no longer supported by Microsoft. He also talks about SQL Worm (from
> 2002 (6 years ago)) and again this related to SQL 2000 which again, is
> no longer support by Microsoft.

SqlServer 2000 was released in July 2000 - how is it possible that Slammer was 8-9 years ago?

> Brian's article itself is over 5 years old!
> You don't pull the wool over many peoples eyes anymore Morgan.
> Face it Morgan, the SQL Server team got the software quality life cycle
> right - oracle haven't; and don't take my word for it - as you well know
> the trade press take that view as well.

Quality life cycle? From a presentation I did a week ago...

"SqlServer 2005 made it out the door in Nov of 2005, with SP2 being released in Feb 2007, and updated in Mar 2007"

The context of the presentation at that point was simply background and was being given to a SqlServer audience.

Now - IF M$ 'got it right' as you said, why did they have to pull back SP2 and update it? And do you really think a bit over two years is a sufficient product life cycle? As indicated above, SqlServer 2005 was released in Nov 2005. SqlServer 2008 came out in Feb 2008 making the life cycle for MSS 2005 a mere 2.25 years, and it's required a couple of   service packs along the way too! And... contrary to your assertion, MSS 2000 is still a supported version by M$.

Admittedly, as with ANY software, Oracle has patched its versions on a regular basis. That doesn't make them worse than M$ though, and by far security is easier to manage in Oracle than it is in MSS - well, at least if you're a competent DBA it is.

M$ makes good products, but they definitely do NOT make great products.   And that's an incontrovertible fact.

Jumping into an Oracle group as a SqlServer advocate and intentionally baiting people doesn't speak too highly of your character. Morgan and Sybrand are mainstays of this group who provide useful, relevant info in our community. What are you contributing here?


OBTW, explain why - if you convert a SqlServer database to Oracle the storage requirements are reduced to about one-third? Guess there must be some substantial differences in how data is managed, huh? Received on Sat May 31 2008 - 21:33:49 CDT

Original text of this message