On Saturday 25 January 2003 10:03 am, Avleen Vig wrote:
On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
On Sat, 25 Jan 2003, Avleen Vig wrote:
[snip]
Let's not blame MS for admins who don't know how to secure their boxes
:-)
A patch was released mid-2002 and was also part of SQL Server SP3
Would it not also be a good idea/practice *not* to ever let a MS SQL server (or *any* database server) sit on a network that is directly accessible from the internet? Having a firewall(s) in front of your database server regardless of the type is pretty much common sense, right?
It's bad enough to be stuck having to run/support IIS and MSSQL in any scenario, but letting MSSQL talk to the world just seems like asking for even more trouble.
I agree absolutely. This is just bad practice and the network admins here need to re-think their security architecture.
Sometimes that's just not an option. We operate a colo facility, and while we strongly encourage "best practices" customers don't always listen. "My personal firewall will protect me" etc... It's just unfortunate when one person's ignorance leads to problems for other people, as in this case.

--
Grant A. Kirkwood - grant(at)tnarg.org
Fingerprint = D337 48C4 4D00 232D 3444 1D5D 27F6 055A BF0C 4AED