Post reply

security of MS SQL Server vs MYSQL

  • April 29, 2003 at 11:54 am

    #80753

    I've been asked to do some research on a topic of security for MS SQL Server vs MYSQL.

    Can anyone help me out?

  • April 29, 2003 at 6:19 pm

    #455745

    When you say "security," that's an awfully broad topic. Are you speaking of how to lock down each or are you speaking of how to manage user rights within the database server, etc.? If you can provide a bit more to narrow down your topic, we can point you in the right direction.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • April 30, 2003 at 6:45 am

    #455791

    Which one of the two is most widely used?

    Security vulnerabilities?

    Buffer overruns?

    Encryption?

  • April 30, 2003 at 7:00 am

    #455796

    Usage: you'll actually have to do a breakdown based on size of the organization and core technologies. MySQL is promising to be Enterprise-ready in the next version by adding full support for foreign keys and stored procedures as well as building a job scheduling system similar to what SQL Server already has.

    SQL Server probably has more reported security vulnerabilities but then again, it's a bigger target, is more heavily used in medium to large businesses and like Oracle is squarely in the sights of NGSSoftware (MySQL is not). Buffer overflows have been bread and butter for David Litchfield and crew on both SQL Server and Oracle. See the recent announcement of the Oracle patch that came out yesterday (4/29/03).

    Neither product natively encrypts the data so far as I am aware. SQL Server does support data stream encryption using SSL starting with SQL Server 2000. SQL Server 7.0 supports encryption using the multi-protocol net library and this is also present in SQL Server 2000, but it's considered deprecated as per Microsoft. Of course, there's always IPSec, but this isn't a feature of the database but rather supported by the OS. Windows 2000 has native IPSec support. I know BSD is a strong player, but I'm not familiar enough with its flavors to tell you how integrated IPSec is.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply