Re: SQL Server for Oracle DBAs
Date: Tue, 27 May 2008 14:08:17 -0700 (PDT)
Message-ID: <158e48dd-5432-4606-b3ae-43ad308e623f@y22g2000prd.googlegroups.com>
On May 27, 10:44 am, "Tony Rogerson" <tonyroger..._at_torver.net> wrote:
> > exploited a Microsoft SQL Server vulnerability that was over a year old,
> > one that was patched in early 2006 by the MS06-014 security update.
> > Source: http://www.lexansystems.com/blog/tag/security-breach/
>
> Only you could think MDAC has anything to do with SQL Server - it hasn't.
> It's no more anything to do with SQL Server than Oracle's ODBC driver - they
> are just other products that allow connection to SQL Server, also, it refers
> to SQL Server 2000 which is no longer supported by Microsoft - the majority
> are on SQL Server 2005.
Well, I don't know anything about MDAC, so maybe you are right, but I do know that whatever wonderful things are in SQL Server 2005 are ignored by lots of apps that do security in the application layer. Granted, they have the same problem going to Oracle too, because... well, it's just like Sybrand said. I choose to blame Bill Gates.
>
> http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
>
> > one of the more prominent tech news organizations, reported the company
> > RealNames informed customers that its customer information database had
> > been breached and the attackers had walked off with valuable information,
> > to include credit card numbers.
> > Source:
> > http://www.sqlservercentral.com/articles/Security/sqlserversecuritywh...
>
> > And there are thousands more where these came from.
>
> More in Denial comments.
>
> Brian Kelley talks about the importance of securing databases; he does talk
> about Slammer which was SQL 2000 and 8 - 9 years ago; SQL 2000 is no longer
> supported by Microsoft. He also talks about SQL Worm (from 2002 (6 years
> ago)) and again this related to SQL 2000 which again, is no longer supported
> by Microsoft.
>
> Brian's article itself is over 5 years old!
Did you happen to notice the date on the SAME article?
>
> You don't pull the wool over many people's eyes anymore Morgan.
>
> Face it Morgan, the SQL Server team got the software quality life cycle
> right - Oracle haven't; and don't take my word for it - as you well know the
> trade press take that view as well.
I think they're both pretty bad, personally.
>
> --
> Tony Rogerson, SQL Server MVP http://sqlblogcasts.com/blogs/tonyrogerson
> [Ramblings from the field from a SQL consultant] http://sqlserverfaq.com
> [UK SQL User Community]
Funny, I managed to not make any trollish response to the OP like "just don't go to that sqlserverfaq site," but, here you are...
jg
-- @home.com is bogus. Bomb! Japan has just phlashed Pearl Bailey! I mean... http://www.darkreading.com/document.asp?doc_id=154270&WT.svl=news1_1 word: gable
Received on Tue May 27 2008 - 16:08:17 CDT