Re: Internet password attacks

From: Hal Berenson (hberenson_at_predictableit.com)
Date: 08/31/05

• Next message: Hari Prasad: "Re: User security"
• Previous message: Hal Berenson: "Re: Internet password attacks"
• Maybe in reply to: Hal Berenson: "Re: Internet password attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 31 Aug 2005 15:28:27 -0600

The customer apps are one problem, the internal reliance on SA is a separate
one. That just isn't a Service Pack class fix. The one message Microsoft
(and particularly the SQL Server group) gets loud and clear from customers
is "Don't break our apps with service packs". So Microsoft is extremely
cautious on making changes, particularly to the server, in service packs.
And this would be a major change.

I disagree in terms of Microsoft "refusing" to fix these issues. You just
don't like their original solution (integrated security). Now they've done
a massive amount in SQL Server 2005 to address the standard security issues.

The one thing I'll grant you is that Microsoft made a mistake in thinking
that standard security was purely a legacy issue and would fade away
quickly.

-- 
Hal Berenson, President
PredictableIT, LLC
"Russell Stevens" <rustyprogrammer@online.nospam> wrote in message 
news:ef0GqRJrFHA.4072@TK2MSFTNGP09.phx.gbl...
> Hal,
>
> <<Allow the SA account to be renamed in a service pack?  You are mad>>
>
> No - the SP doesn't rename it, it gives the SQL admin the ability to 
> change it. If he has apps that use it, then he can fix them first or leave 
> as is.
>
> <<Unfortunately, it is likely to be a long
> time until the next SQL Server 2000 Service Pack and that will (I'm
> guessing) be little more than a hotfix rollup.  So we've probably missed 
> the
> boat on doing anything for SQL Server 2000.>>
>
> We have been missing the boat for many years - Microsoft just refuses to 
> fix it (this is not a new issue <g>).
>
> Thanks
> Russ Stevens
>
> 

---

• Next message: Hari Prasad: "Re: User security"
• Previous message: Hal Berenson: "Re: Internet password attacks"
• Maybe in reply to: Hal Berenson: "Re: Internet password attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Why SqlServer always generates "EXCEPTION_ACCESS_VIOLATION" error? ... A hardware problem - usually a problematic memory. ... A bug in the SQL Server code. ... There is nothing anyone outside of Microsoft support can do to help ... install the latest service pack and check the exception raises. ... (microsoft.public.sqlserver.security) RE: Can not open a word document ... This problem is corrected in Office XP Service Pack 3.To resolve this ... obtain the latest service pack for Microsoft Office XP. ... A supported fix is now available from Microsoft, but it is only intended to ... contact Microsoft Product Support ... (microsoft.public.word.application.errors) Re: Visual Studio.net 2003 ... I upgraded to the latest service pack of visual studio.net 2003 and I ... Studio.net 2003 Service Pack 1 can fix your problem, ... Microsoft Online Community Support ... (microsoft.public.vsnet.general) Re: MS03-031 issue ... > A supported fix is now available from Microsoft, ... This fix may receive additional testing. ... call Microsoft Product Support Services so that the ... > To work around this problem, administer SQL Server from a workstation ... (microsoft.public.sqlserver.security) RE: Network Shared Printing Error Event ID 61 ... The hot fix has been packaged and placed ... obtain the latest service pack for Microsoft ... contact Microsoft Product Support ... (microsoft.public.win2000.networking)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)