Re: SQL Server for Oracle DBAs

From: Tony Rogerson <>
Date: Tue, 3 Jun 2008 21:00:22 +0100
Message-ID: <g24813$2sb$1$>

>>> I will show you how quickly some of my former students can turn it
>>> into burnt toast.
>> Name 1 that exposes a physical security software defect in SQL Server
>> 2005.
>> Don't forget to post the URL to the KB article or independent security
>> bulletin.
> returns 3,180 hits. Tell us it isn't possible.
> Then go back to the SQL Server usenet group where you might contribute
> something that doesn't have a troll factor of 100.

Here, I've even done the work for you... "SQL Injection and Oracle, Part One"
"SQL injection techniques are an increasingly dangerous threat to the security of information stored upon Oracle Databases. " "This is such an important topic, and not as many people are aware of it as I thought. Before we start with an answer, let's define the term SQL injection. SQL injection occurs when an application program accepts arbitrary SQL from an untrusted source (think "end user"), blindly adds it to the application's SQL, and executes it. It "

Like I said - SQL Injection and the link you posted is all about coder problems; sloppy coding leads to SQL injection attacks - common to all databases.

Seriously, if you don't know what SQL Injection is - what the hell are you doing teaching?

Tony Rogerson, SQL Server MVP
[Ramblings from the field from a SQL consultant]
[UK SQL User Community] 
Received on Tue Jun 03 2008 - 15:00:22 CDT

Original text of this message