On Sat, 25 Jan 2003, Avleen Vig wrote: [snip]
Let's not blame MS for admins who don't know how to secure their boxes :-) A patch was released mid-2002 and was also part of SQL Server SP3
Would it not also be a good idea/practice *not* to ever let a MS SQL server (or *any* database server) sit on a network that is directly accessible from the internet ? Having a firewall(s) in front of your database server regardless of the type is pretty much common sense, right? Its bad enough to be stuck having to run/support IIS and MSSQL in any scenario, but letting MSSQL talk to the world just seems like asking for even more trouble. -jon -- + Jon Larsen; Chief Technology Officer, Richweb.com + GnuPG Public Key http://richweb.com/jlarsen.gpg + Richweb.com: Providing Internet-Based Business Solutions since 1995 + Business Telephone: (804) 359.2220 + Jon Larsen Cell Phone: (804) 307.6939