1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News SQL Server on security alert

Discussion in 'Article Discussion' started by CardJoe, 24 Dec 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. sfrigard

    sfrigard New Member

    Joined:
    24 Dec 2008
    Posts:
    1
    Likes Received:
    0
    I am a DBA and find the comments at the end on this article nothing short of flame baiting. According to Secunia, SQL Server 2005 has had only three advisories. The current advisory requires a user to successfully logon to SQL Server in order to exploit. You mention that there is an unofficial workaround requiring the dropping of the extended procedure. You fail to mention that installing Service Pack 3 for SQL Server also resolves this issue. Please, do your research next time.
     
  3. n3mo

    n3mo New Member

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    This way or another working with SQL Server was the worst time of my life, a real pain in the ass. Only worse thing I can think of is Oracle.
     
  4. Firehed

    Firehed Why not? I own a domain to match.

    Joined:
    15 Feb 2004
    Posts:
    12,574
    Likes Received:
    16
    I hate working with SQL server, but more often than not any SQL security issues are much more related to interacting with the DB at the app level than the server itself (not sanitizing user-provided data, etc).
     
Tags: Add Tags

Share This Page