Security Overhaul to Postpone SQL Server | eWeek

Security Overhaul to Postpone SQL Server

Écrit par
Matthew Hicks
Matthew Hicks
Sep 2, 2002
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Built-in security development is at the heart of a delay of a major Microsoft Corp. database upgrade.

An upgrade to SQL Server, code-named Yukon, will be delayed from late this year to early next year, said company officials here last week, to build more security features into the database. According to the officials, Microsoft pulled its 1,000-person development team off the latest SQL Server database earlier this year to focus solely on security for three months.

SQL Server users said Microsofts new focus on security is much-needed, as databases are increasingly open to users outside a companys firewall through the Web. SQL Server has become a common target for hackers because of its increasing use, particularly among smaller companies that might lack in-house security expertise, said Ron Talmage, an independent SQL Server consultant and owner of Prospice LLC, in Seattle. “[Microsoft] didnt have any choice but to focus on security,” Talmage said. “Its no longer just an irritation; its a necessity.”

“Im glad Microsoft is taking a renewed look at security before it deploys things because that makes it more bulletproof before it gets to us,” said Mike Reagin, director of research and development at Providence Health System, in Portland, Ore.

Reagin, who uses databases from Microsoft and Oracle Corp., said SQL Server, with its deeper integration with Windows, is more open to vulnerabilities. However, Providence is increasing its deployment of SQL Server because of the products ease of use and integration with the .Net development environment.

Added to the database are enhancements to the setting of administrator passwords and row-level security to provide more granular user-access controls, officials said. With row-level security, Yukon will extend beyond its current column- and table-level security to let administrators define what level of access users have down to the row.

The impetus for the security review, in addition to Microsofts companywide Trustworthy Computing push, was a rise in the number of reports on SQL Server security holes that Microsoft was receiving, officials said. Microsoft released three patches for SQL Server 2000 last year, but the company has released eight so far this year.

The work, begun in mid-March, included a review of all 5 million lines of SQL Server code and security training for developers and testers.

Despite the delay of the Yukon beta, the program remains on track for general availability next year, said SQL Server Vice President Gordon Mangione. “What we were doing [with] knee-jerk reactions werent going to work,” Mangione said. “It was three months of absolute dedicated time on [security], and that did impact the Yukon schedule, and it was an easy decision to make. Whats happened more than anything is we looked at our processes from end to end and made sure that this has to be part of what we do [with] every code review, every build.”

As the Microsoft database proliferates, Providence Healths Reagin said he is concerned that installing security fixes will become harder and time-consuming. To help ease patch deployments, officials said, Microsoft plans to launch by years end a Quick Fix Engineering installer to help automate extensive patches that can include fixing security holes.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.