SQL Server Boss Gives a Sneak Peek

 
 
By Matthew Hicks  |  Posted 2002-09-09
 
 
 
 
 
 
 

Interview: Microsoft's Mangione talks about security, scalability and other features in the next version of his database.

With Microsoft Corp. coming off a major security push and moving headlong into its next major SQL Server release, code-named Yukon, eWEEK Senior Writer Matt Hicks recently sat down with the company's SQL Server Vice President Gordon Mangione at Microsoft's Redmond, Wash., offices. Mangione offered both a bird's-eye view of what to expect in Yukon, due in 2003, and a deeper look at a revamped security push for SQL Server.
eWEEK: Microsoft is supposed to release a beta version this year of Yukon. Where does that stand?
Mangione: Yukon is a big release. I mean there's no ifs, ands or buts about it. The teams rolled off our whole security initiative—for SQL Server 2000 and Yukon. We'll be coding for most of this year, and you'll see us into beta early next year.
eWEEK: So not this year?
Mangione: No, no…the security stuff was interesting. The reality is we looked at what happened last fall, and we as a company had to do something different. What we were doing [with] knee-jerk reactions wasn't going to work. I worked for Brian Valentine [senior vice president of Microsoft's Windows Division] for four years, and he's very much, "we're going to go change the way we're doing things." And he literally wrote an internal mail, and then Bill [Gates] backed him up with the Trustworthy Computing [initiative] within a week that said, look, we're going to take everyone off writing new code and you're going to dive in and we're going to code review every single line of code. We're going to redo our processes. We're going to take those tools that we always talked about using in research to help us design better code, and we're going to make them part of the standard process. So we were kind of fortunate in SQL [Server] that we were able to build upon the work that really got started in the operating system, but the reality is that from start to finish it was three months. Every developer, every tester, every program manager…we literally code-reviewed every single line of code, we rewrote entire test plans, we built security threat analysis and really looked hard at everything we do inside the product… It was three months of absolute dedicated time on it and that did impact the Yukon schedule. It was frankly an easy decision to make. But really what's happened more than anything is we've looked at our processes from end to end and made sure that this just has to be part of what we do—every code review, every build.
eWEEK: When it came to SQL Server and security, has it made any significant changes in how you're architecting the product?
Mangione: That exact question got asked of Windows. Had we done something architecturally flawed? …We found out there wasn't anything architecturally flawed in what we did. Things that seem like small things, like buffer overruns when you combine them with other things can be used as launch points to go and execute code off of a stack or execute code internally. It's mostly little small things…


 
 
 
 
Matthew Hicks: As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.
 
 
 
 
 
 
 
























 
 
 
 
 
 
 
 
 
 
 