On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
On Sat, 25 Jan 2003, Avleen Vig wrote:
[snip]
Let's not blame MS for admins who don't know how to secure their boxes :-) A patch was released mid-2002 and was also part of SQL Server SP3
Would it not also be a good idea/practice *not* to ever let a MS SQL server (or *any* database server) sit on a network that is directly accessible from the internet ? Having a firewall(s) in front of your database server regardless of the type is pretty much common sense, right?
Its bad enough to be stuck having to run/support IIS and MSSQL in any scenario, but letting MSSQL talk to the world just seems like asking for even more trouble.
I agree absolutely. This is just bad practice and the network admins here need to re-think their security architecture.