Re: SQL Server for Oracle DBAs
- From: Harvey <harvey@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 31 May 2008 22:33:49 -0400
Tony Rogerson wrote:
exploited a Microsoft SQL Server vulnerability that was over a year old, one that was patched in early 2006 by the MS06-014 security update.
Source: http://www.lexansystems.com/blog/tag/security-breach/
Only you could think MDAC has anything to do with SQL Server - it hasn't. It's no more anything to do with SQL Server than ORacle's ODBC driver - they are just other products that allow connection to SQL Server, also, it refers to SQL SErver 2000 which is no longer supported by Microsoft - the majority are on SQL Server 2005.
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
one of the more prominent tech news organizations, reported the company
RealNames informed customers that its customer information database had been breached and the attackers had walked off with valuable nformation, to include credit card numbers.
Source: http://www.sqlservercentral.com/articles/Security/sqlserversecuritywhysecurityisimportant/1077/
And there are thousands more where these came from.
More in Denial comments.
Brian Kelley talks about the importance of securing databases; he does talk about Slammer which was SQL 2000 and 8 - 9 years ago; SQL 2000 is no longer supported by Microsoft. He also talks about SQL Worm (from 2002 (6 years ago)) and again this related to SQL 2000 which again, is no longer support by Microsoft.
SqlServer 2000 was released in July 2000 - how is it possible that Slammer was 8-9 years ago?
Brian's article itself is over 5 years old!
You don't pull the wool over many peoples eyes anymore Morgan.
Face it Morgan, the SQL Server team got the software quality life cycle right - oracle haven't; and don't take my word for it - as you well know the trade press take that view as well.
Quality life cycle? From a presentation I did a week ago...
"SqlServer 2005 made it out the door in Nov of 2005, with SP2 being released in Feb 2007, and updated in Mar 2007"
The context of the presentation at that point was simply background and was being given to a SqlServer audience.
Now - IF M$ 'got it right' as you said, why did they have to pull back SP2 and update it? And do you really think a bit over two years is a sufficient product life cycle? As indicated above, SqlServer 2005 was released in Nov 2005. SqlServer 2008 came out in Feb 2008 making the life cycle for MSS 2005 a mere 2.25 years, and it's required a couple of service packs along the way too! And... contrary to your assertion, MSS 2000 is still a supported version by M$.
Admittedly, as with ANY software, Oracle has patched its versions on a regular basis. That doesn't make them worse than M$ though, and by far security is easier to manage in Oracle than it is in MSS - well, at least if you're a competent DBA it is.
M$ makes good products, but they definitely do NOT make great products. And that's an incontrovertible fact.
Jumping into an Oracle group as a SqlServer advocate and intentionally baiting people doesn't speak too highly of your character. Morgan and Sybrand are mainstays of this group who provide useful, relevant info in our community. What are you contributing here?
Harv
OBTW, explain why - if you convert a SqlServer database to Oracle the storage requirements are reduced to about one-third? Guess there must be some substantial differences in how data is managed, huh?
.
- Follow-Ups:
- Re: SQL Server for Oracle DBAs
- From: Tony Rogerson
- Re: SQL Server for Oracle DBAs
- Prev by Date: Re: How to find out version and install security patches?
- Next by Date: Performance goals for DBAs
- Previous by thread: Re: SQL Server for Oracle DBAs
- Next by thread: Re: SQL Server for Oracle DBAs
- Index(es):
Relevant Pages
|
