Is MS SQL server the most secure SQL server?

kgun · #1 (**permalink**) 06-06-2007, 07:55 AM

ramsaytom2 · #2 (**permalink**) 08-07-2007, 07:51 AM

Hi

SQL Server is more secure then Mysql. SQL server has the security of SD3 (Secure By design, Secure by development and secure by deployment).

**wige** · #3 (**permalink**) 08-07-2007, 11:04 AM

No.

A search of the CERT database shows more reported vulnerabilities in MS SQL than MySQL. On the plus side, Oracle seems to be much worse. MySQL being open source also gives it the advantage of community review so that developers and hackers can explore the code and find and patch vulnerabilities before the product ships, reducing the number of vulnerabilities in the final product. But any product, especially one designed to be used on the Internet, will have exploits. The important thing is finding the patches and applying them promptly, as well as ensuring that the application is well protected - direct access to the database is restricted, and all scripts that access the database are secured. I have seen extremely well secured databases that have been wiped out by a user adding a few extra characters to a login screen.

kgun · #4 (**permalink**) 08-07-2007, 11:41 AM

Quote:

Originally Posted by wige

No.
I have seen extremely well secured databases that have been wiped out by a user adding a few extra characters to a login screen.

Extremely well secured?
KW's SQL injection attacks, shared hoster etc.
I am not a specialist, but would apriori think that the Oeacle platform was most secure.
My background: Little Sybase and MySQL, sql database, + database background from ...

**wige** · #5 (**permalink**) 08-07-2007, 11:59 AM

By well secured I mean the database had all the latest patches, remote connections were blocked via the firewall, the access passwords were changed regularly - all of which didn't matter because of a flaw in a web site script.

kgun · #6 (**permalink**) 08-07-2007, 12:12 PM

Related SP thread:

? about p74 of Sitepoint db book

sared · #7 (**permalink**) 12-08-2008, 01:24 AM

there are several Windows vulnerabilities that indirectly cause SQL Server security issues.

kgun · #8 (**permalink**) 12-08-2008, 01:00 PM

I have only used MySQL and Sybase SQL myself.
I have never used MS SQL server, but as far as I know it is one of the better products from MS.
May be a too tight integration with MS OS. Is it available on Linux platforms?

netman4ttm · #9 (**permalink**) 12-18-2008, 09:41 PM

MySQL has one major flaw. The password for the root user is by default the same as root or Administrator on the server it was installed on. It must be changed after the install and unfortunately that does not happen often enough.

Personal opinion; I think the security provided by the OS is much more important than the DB server. If you can't get into the OS the server is a lot safer.

I would like to see these servers switch to the ssh model of user keys rather than passwords for connections.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Making my web server secure	JimmiJames	Internet Security Discussion Forum	2	06-24-2006 06:16 AM
Power up your Server; world's first vegetable powered server	TrafficProducer	The Castle Breakroom (General: Any Topic)	3	12-21-2005 03:58 PM
Is The Windows Server Environment More Secure Than Linux?	Chris	Internet Security Discussion Forum	10	04-04-2005 05:58 PM
URGENT: need secure host/server....please read:	tj	Internet Security Discussion Forum	6	12-30-2004 09:59 PM
Post images in a secure server	Importville	Internet Security Discussion Forum	1	07-24-2004 01:48 PM