Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Security Overhaul to Postpone SQL Server

    By
    Matthew Hicks
    -
    September 2, 2002
    Share
    Facebook
    Twitter
    Linkedin

      Built-in security development is at the heart of a delay of a major Microsoft Corp. database upgrade.

      An upgrade to SQL Server, code-named Yukon, will be delayed from late this year to early next year, said company officials here last week, to build more security features into the database. According to the officials, Microsoft pulled its 1,000-person development team off the latest SQL Server database earlier this year to focus solely on security for three months.

      SQL Server users said Microsofts new focus on security is much-needed, as databases are increasingly open to users outside a companys firewall through the Web. SQL Server has become a common target for hackers because of its increasing use, particularly among smaller companies that might lack in-house security expertise, said Ron Talmage, an independent SQL Server consultant and owner of Prospice LLC, in Seattle. “[Microsoft] didnt have any choice but to focus on security,” Talmage said. “Its no longer just an irritation; its a necessity.”

      “Im glad Microsoft is taking a renewed look at security before it deploys things because that makes it more bulletproof before it gets to us,” said Mike Reagin, director of research and development at Providence Health System, in Portland, Ore.

      Reagin, who uses databases from Microsoft and Oracle Corp., said SQL Server, with its deeper integration with Windows, is more open to vulnerabilities. However, Providence is increasing its deployment of SQL Server because of the products ease of use and integration with the .Net development environment.

      Added to the database are enhancements to the setting of administrator passwords and row-level security to provide more granular user-access controls, officials said. With row-level security, Yukon will extend beyond its current column- and table-level security to let administrators define what level of access users have down to the row.

      The impetus for the security review, in addition to Microsofts companywide Trustworthy Computing push, was a rise in the number of reports on SQL Server security holes that Microsoft was receiving, officials said. Microsoft released three patches for SQL Server 2000 last year, but the company has released eight so far this year.

      The work, begun in mid-March, included a review of all 5 million lines of SQL Server code and security training for developers and testers.

      Despite the delay of the Yukon beta, the program remains on track for general availability next year, said SQL Server Vice President Gordon Mangione. “What we were doing [with] knee-jerk reactions werent going to work,” Mangione said. “It was three months of absolute dedicated time on [security], and that did impact the Yukon schedule, and it was an easy decision to make. Whats happened more than anything is we looked at our processes from end to end and made sure that this has to be part of what we do [with] every code review, every build.”

      As the Microsoft database proliferates, Providence Healths Reagin said he is concerned that installing security fixes will become harder and time-consuming. To help ease patch deployments, officials said, Microsoft plans to launch by years end a Quick Fix Engineering installer to help automate extensive patches that can include fixing security holes.

      Matthew Hicks
      As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×