#1
Player Character
bit-tech Staff
Join Date: Apr 2007
Posts: 7,940
SQL Server on security alert
http://www.bit-tech.net/news/2008/12...curity-alert/1
Microsoft has issued a bulletin announcing an as-yet unpatched hole in its SQL Server database software which can lead to remote code execution.
#2
What's a Dremel?
Join Date: Dec 2008
Posts: 1
I am a DBA and find the comments at the end of this article nothing short of flame baiting. According to Secunia, SQL Server 2005 has had only three advisories. The current advisory requires a user to successfully log on to SQL Server in order to exploit. You mention that there is an unofficial workaround requiring the dropping of the extended procedure. You fail to mention that installing Service Pack 3 for SQL Server also resolves this issue. Please, do your research next time.
#3
Multimodder
Join Date: Oct 2007
Posts: 184
One way or another, working with SQL Server was the worst time of my life, a real pain in the ass. The only worse thing I can think of is Oracle.
#4
Why not? I own a domain to match.
Join Date: Feb 2004
Location: An hour north of Boston
Posts: 12,576
I hate working with SQL Server, but more often than not any SQL security issues are much more related to interacting with the DB at the app level than the server itself (not sanitizing user-provided data, etc).
__________________
hire me @ eric-stern.com - web developer and php ninja
pics @ my smugmug :: Twitter @firehed :: blog @ firehed.net
40D|580EXII|285HV|AB800|70-200f/4LIS|17-50f/2.8|150f/2.8Macro|50f/1.8
MacPro @ 8x2.8GHz, 10GB FBDDR2, 3TB HD :: MBP @ 2x2.2GHz, 4GB DDR2, 320GB HD