June 6, 2003 at 7:12 am
Thanks Brian,
I'm not so concerned with Access users hitting my box, but I am concerned with breaking something inside SQL itself.
I have to admit that prior to sifting through the master database I didn't even know that sp_Tables existed. I always used SELECT Name FROM SysObjects WHERE Type='U'
I feel ignorance is probably the biggest security problem. When I did the SQL 6.5 courses, security was dealt with at a beginner's level, i.e. "Thou shalt not use the SA account", but it wasn't gone into in any great depth. I don't know if the course content has changed much for SQL 2000.
I feel that SQL Security could not be covered adequately in one day and therefore there should be a SQL Course especially for security.
June 6, 2003 at 10:34 am
OK, having read around, absolutely any user could issue the commands:
CREATE TABLE #Tmp(MyField Int);
WHILE (1=1) INSERT #Tmp(MyField) VALUES (1)
Hardly advanced, is it? And yet this can't be blocked in any way and will issue a denial of service attack.
To me this looks like a particularly nasty black hole. I hope Yukon handles things a bit better than this!