January 23, 2009 at 10:50 am
Hi,
Is there any security risk in leaving Database Mail option ON? I received a document (taken from the CISecurity.org) from the security team at work. Trying to convince me that Database Mail should be turned off. I really can't find any supporting documentation that supports it as a security risk.
January 23, 2009 at 12:10 pm
Database mail expands the surface area of your SQL Server. If you aren't using it, it should be turned off. Then again, if you're relying on it in order to get job failure notices from SQL Server Agent, etc., then you need it and it needs to be turned on. If that's the case, remind your security team that the A in the C-I-A triad is availability and Database Mail is used to send you alerts to keep your SQL Server available. Certainly if you're stuck between Database Mail and SQL Mail, keep Database Mail on and turn SQL Mail off. SQL Mail is MAPI-based and deprecated for very good reasons.
K. Brian Kelley
@kbriankelley
January 23, 2009 at 12:20 pm
Thanks for the quick reply. This definitely helps.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply