Re: Internet password attacks
From: Hal Berenson (hberenson_at_predictableit.com)
Date: Wed, 31 Aug 2005 15:28:27 -0600
The customer apps are one problem, the internal reliance on SA is a separate
one. That just isn't a Service Pack class fix. The one message Microsoft
(and particularly the SQL Server group) gets loud and clear from customers
is "Don't break our apps with service packs". So Microsoft is extremely
cautious on making changes, particularly to the server, in service packs.
And this would be a major change.
I disagree in terms of Microsoft "refusing" to fix these issues. You just
don't like their original solution (integrated security). Now they've done
a massive amount in SQL Server 2005 to address the standard security issues.
The one thing I'll grant you is that Microsoft made a mistake in thinking
that standard security was purely a legacy issue and would fade away
-- Hal Berenson, President PredictableIT, LLC "Russell Stevens" <email@example.com> wrote in message news:ef0GqRJrFHA.4072@TK2MSFTNGP09.phx.gbl... > Hal, > > <<Allow the SA account to be renamed in a service pack? You are mad>> > > No - the SP doesn't rename it, it gives the SQL admin the ability to > change it. If he has apps that use it, then he can fix them first or leave > as is. > > <<Unfortunately, it is likely to be a long > time until the next SQL Server 2000 Service Pack and that will (I'm > guessing) be little more than a hotfix rollup. So we've probably missed > the > boat on doing anything for SQL Server 2000.>> > > We have been missing the boat for many years - Microsoft just refuses to > fix it (this is not a new issue <g>). > > Thanks > Russ Stevens > >