Is MS SQL server the most secure SQL server?

[kgun]

Read more..

[ramsaytom2]

Hi

SQL Server is more secure then Mysql. SQL server has the security of SD3 (Secure By design, Secure by development and secure by deployment).

[wige]

No.

A search of the CERT database shows more reported vulnerabilities in MS SQL than MySQL. On the plus side, Oracle seems to be much worse. MySQL being open source also gives it the advantage of community review so that developers and hackers can explore the code and find and patch vulnerabilities before the product ships, reducing the number of vulnerabilities in the final product. But any product, especially one designed to be used on the Internet, will have exploits. The important thing is finding the patches and applying them promptly, as well as ensuring that the application is well protected - direct access to the database is restricted, and all scripts that access the database are secured. I have seen extremely well secured databases that have been wiped out by a user adding a few extra characters to a login screen.

[kgun]

Quote:

Originally Posted by wige

No.
I have seen extremely well secured databases that have been wiped out by a user adding a few extra characters to a login screen.

1. Extremely well secured?
2. KW's SQL injection attacks, shared hoster etc.
3. I am not a specialist, but would apriori think that the Oeacle platform was most secure.
4. My background: Little Sybase and MySQL, sql database, + database background from ...

[wige]

By well secured I mean the database had all the latest patches, remote connections were blocked via the firewall, the access passwords were changed regularly - all of which didn't matter because of a flaw in a web site script.

[kgun]

Related SP thread:

? about p74 of Sitepoint db book