1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News SQL Server on security alert

Discussion in 'Article Discussion' started by CardJoe, 24 Dec 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
    CardJoe, 24 Dec 2008
    #1
  2. sfrigard

    sfrigard What's a Dremel?

    Joined:
    24 Dec 2008
    Posts:
    1
    Likes Received:
    0
    I am a DBA and find the comments at the end on this article nothing short of flame baiting. According to Secunia, SQL Server 2005 has had only three advisories. The current advisory requires a user to successfully logon to SQL Server in order to exploit. You mention that there is an unofficial workaround requiring the dropping of the extended procedure. You fail to mention that installing Service Pack 3 for SQL Server also resolves this issue. Please, do your research next time.
     
    sfrigard, 24 Dec 2008
    #2
  3. n3mo

    n3mo What's a Dremel?

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    This way or another working with SQL Server was the worst time of my life, a real pain in the ass. Only worse thing I can think of is Oracle.
     
    n3mo, 24 Dec 2008
    #3
  4. Firehed

    Firehed Why not? I own a domain to match.

    Joined:
    15 Feb 2004
    Posts:
    12,574
    Likes Received:
    16
    I hate working with SQL server, but more often than not any SQL security issues are much more related to interacting with the DB at the app level than the server itself (not sanitizing user-provided data, etc).
     
    Firehed, 24 Dec 2008
    #4
Tags: Add Tags

Share This Page