Question on Using Partial Types with ASP.NET via J.I.T.

-=Chris=-

I was minding my own business when nospam blurted out:
The last person you ever want to give access to your SQL Server is a Sys
Admin!!!!

Um... the SysAdmin is generally responsible for the health and maintenance
of the server on which SQL server rides on. In fact, the sys admin is often
responsible for many of the same types of tasks that the DBA is responsible
for. Speaking for myself, as a sys admin, I would refuse to manage a server
that I did not have access to. That would be like asking a developer to
develop a database application without access to the database.
Most attacks and computer crimes come from the inside...and GUESS
WHO those insiders might be? disgruntled SysAdmin.....

And a disgruntled DBA with admin access to the db couldn't do the same
thing? Not a good argument.
By opening up SQL Server to the Windows Security all those on the Windows
side are now potential suspects IF a computer crime would be
committed.....

Not true. Even if you set your SQL server to use integrated security, the
only windows users who have access to the server by default are local and/or
domain administrators. Regular users ONLY have access once an admin has
granted them access. In addition, the same security restrictions that can
be placed on sql users, can be placed on windows users. When granting a
windows user access to a database, a sql server login is actually created to
represent the windows user.
Second of all if there is a Web Server, the SQL server should be in the same
room with an independent $50 dollar network switch directly connected to the
Web server thereby eliminating any network intercepts in the first place.

Not always true. Consider the fact that not all businesses have only 1 web
and 1 sql server to manage. Some of them have 10s, or even hundreds.
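
The login mapping described in the post above, as an added example that is not part of the original thread: T-SQL that gives one Windows account a narrowly scoped login, then lists which Windows principals can connect and which principals hold sysadmin. It assumes SQL Server 2005 or later syntax; `CONTOSO\WebAppSvc`, `ShopDb` and `dbo.Orders` are hypothetical names.

```sql
-- Added example; CONTOSO\WebAppSvc, ShopDb and dbo.Orders are hypothetical names.
-- Assumes SQL Server 2005+ syntax (CREATE LOGIN ... FROM WINDOWS).

-- 1. Server level: create the SQL Server login that represents the Windows account.
CREATE LOGIN [CONTOSO\WebAppSvc] FROM WINDOWS
    WITH DEFAULT_DATABASE = [ShopDb];
GO

-- 2. Database level: map the login to a user and grant only what the app needs.
USE [ShopDb];
GO
CREATE USER [WebAppSvc] FOR LOGIN [CONTOSO\WebAppSvc];
GRANT SELECT, INSERT ON OBJECT::dbo.Orders TO [WebAppSvc];
DENY  DELETE         ON OBJECT::dbo.Orders TO [WebAppSvc];
GO

-- 3. Audit: Windows users (U) and Windows groups (G) that have a login here.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type IN ('U', 'G')
ORDER BY name;

-- 4. Audit: every principal that is a member of the sysadmin server role.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
```

If the last query returns a `BUILTIN\Administrators` row, every local administrator of the host is a sysadmin on that instance.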
 
Guest

Here is another example of Microsoft security.....and why Integrated
security should cause you to FEEL INSECURE...

Mail server flaw opens Exchange to spam
http://zdnet.com.com/2100-1105_2-5107904.html

Again and again......if it's not one thing, it's another........

Yeah, right, let's listen to Microsoft on security.......

Anyone basically can, on any given day, look up and see another flaw in
security or OOP or n-Tier....you name it, it's I.T. that doesn't know what
they are doing.....

stupid brainwashed programmers who listen to these authors, "so-called"
architects, gurus, Mr.-I-have-3+articles written-on-DevX-or-wrox, or some
.NET magazine......again and again...sitting around on a white board mapping
out UML has proven to be so failure ridden I don't know how you guys get
away with it!!!

.....Oh, wait.....you guys schmooze up with those VC's like Hummer Winblad and
their failed petstore who could not figure out that people don't want to pay
for shipping on a 50lb bag of dog food....duhhh......they could have at
least asked their mom about that!!!!

ah yes one 10page resume MBA leading another 10page resume MCSD.......

The only thing these MBA, MCSD, MVP's and gurus are good at are their
PowerPoint slides and typing their 3 and 4 letter acronyms....

Typing 3-4 letter acronyms onto a computer is not the same as typing out the
entire production code to a web app.

Example code and apps are not PRODUCTION apps....ask the
DotNetJunkies......I bet you deep down, they feel a lot different than what
they are saying.......and OOP and n-Tier are not what they are cut out to
be.......Look at the DotNetNuke re-write....shawn thinks that's the only
way...yet in his blogs he's complaining about how hard and how much time he
spent just trying to separate the data tier cleanly...and for WHAT???? to
hook up to some Access database.....all that trouble for people who want to
their database for free, yet the developer who spent all the time
programming thinks he is going to get paid for all that effort...ha ha
ha.....sooner or later, this developer is going to learn that people who
are going to pay him something is going to pay for SQL Server....you think
people who want to use an Access database care about performance, security,
and the long term....guess again, if they don't care enough to even spend
for a $1000 copy of single client license sql server...don't you ever expect
them to pay you for n-Tier, OOP solution......

oh, but wait a second...let's let the access db get corrupted and then they
will come a running to you and then you can charge them more!!!!!, or will
they blame you........either way.....something gets a lot of downtime,
unhappy customers, and all because someone didn't stand their ground.....

nospam said:
Maybe you should mind your own business.

SysAdmin generally don't know anything about SQL Server programming, nor are
they PAID to do so.
Not true. Even if you set your SQL server to use integrated security, the
only windows users who have access to the server by default are local and/or
domain administrators. Regular users ONLY have access once an admin has
granted them access. In addition, the same security restrictions that can
be placed on sql users, can be placed on windows users. When granting a
windows user access to a database, a sql server login is actually created to
represent the windows user.

And do we need the LOCAL admin or DOMAIN admin to have access to the SQL
Server...they don't know any sql programming anyway, nor are they familiar
with the tables or the stored procedures and much less the application that
uses the database anyway.

Um... the SysAdmin is generally responsible for the health and maintenance
of the server on which SQL server rides on. In fact, the sys admin is often
responsible for many of the same types of tasks that the DBA is responsible
for.

THEN you are NOT only a SYSADMIN. IF you perform DBA tasks, you are also a
DBA. If you walk like a DBA, talk like a DBA and quack like a DBA, then you
are a DBA.


Not always true. Consider the fact that not all businesses have only 1 web
and 1 sql server to manage. Some of them have 10s, or even hundreds.

Well, you know they should be all in the SAME room and with a separate
network switch from the intranet then.....

And a disgruntled DBA with admin access to the db couldn't do the same
thing? Not a good argument.

YES it is a GOOD argument as you then have a PRETTY good IDEA of who had
access then.
Did you forget, "the principle of least privilege"? that's what they taught
you in the NT security world right?

What do they teach in security school? Each attack is a NEW, "un-thought
of" attack.

Regular user or Admin User...DOES it REALLY MATTER as this new attack will
exploit this domain relationship and get a regular user to elevate their
user rights to admin rights, accidentally or mischievously ...
This has been a successful mode of attack before.....and it can be done many
many ways......

You allow them to possibly exploit an undocumented or unknown bug in the
system..."software will always have bugs, right???"

-=Chris=- said:
I was minding my own business when nospam blurted out:


Um... the SysAdmin is generally responsible for the health and maintenance
of the server on which SQL server rides on. In fact, the sys admin is often
responsible for many of the same types of tasks that the DBA is responsible
for. Speaking for myself, as a sys admin, I would refuse to manage a server
that I did not have access to. That would be like asking a developer to
develop a database application without access to the database.


And a disgruntled DBA with admin access to the db couldn't do the same
thing? Not a good argument.

committed.....

Not true. Even if you set your SQL server to use integrated security, the
only windows users who have access to the server by default are local and/or
domain administrators. Regular users ONLY have access once an admin has
granted them access. In addition, the same security restrictions that can
be placed on sql users, can be placed on windows users. When granting a
windows user access to a database, a sql server login is actually created
 
NRGeti

This is an excellent reply. I agree. Your comments actually apply across the
board for all kinds of programming. I never could understand how anyone who
knows how to write code but has no clue to business processes and user
behavior can ever come up with a working, useful system.

I have seen brilliant people who could recite the entire programming manual
page for page and write reams of code without ever printing it out to check
it and yet come up with a piece of cr** that the users hate.
 
ozbear

I was minding my own business when nospam blurted out:


Um... the SysAdmin is generally responsible for the health and maintenance
of the server on which SQL server rides on. In fact, the sys admin is often
responsible for many of the same types of tasks that the DBA is responsible
for. Speaking for myself, as a sys admin, I would refuse to manage a server
that I did not have access to. That would be like asking a developer to
develop a database application without access to the database.

<snip>
I wouldn't get my knickers in a bunch over anything that "nospam" had
to say on just about anything.

Oz
 
Guest

You know you need to try a LOT harder to discredit me......
Too bad your nose is still buried in your n-Tier and OOP books and articles
and "example" code....

I could easily bring up a few points in the past where every one of you MVP's
and gurus thought I was a complete idiot screaming off the top of my lungs
how the current architecture or feature, or missing feature was stupid, yet
only to be validated years later......

If I were you, I would be very quiet, otherwise you would have to have a
good portion of humble pie.
 
Guest

The screaming is needed because I am trying to knock some sense into
programmers who act like 14-year olds when they are proven WRONG.

Dear .NET Gurus, Authors, MVP's, MCSD, Programmers, Developers, Architects,
etc.,

You are some of the most arrogant people in the world and deserve to be
treated as an upset 14-year old as that's essentially what you have been
acting like. You have no CLUE how a real business works NOR even know what
the customer wants while cramming your noses in more OOP, n-Tier books and
articles that have more failed implementations than successes. But you
don't even know that because you still think you are right just like that
14-year old who hasn't grown up and learned to admit his mistakes.

WHY YES, SCREAMING (FULL CAPS) is necessary to get through all the NOISE of
EXCUSES you guys are spouting and spinning off everyday when something goes
wrong that you try to blame others on. FULL CAPS are NECESSARY as
Programmers stop reading when they are proven wrong and spout off their
rhetoric.


Now who is the 14-year old idiot you are trying to dis-credit?
 
Cor

Hi Nospam,

I don't know from which country you are, in my country people from 12 talk
like this.

Cor
 
Guest

Wow dude, Try Decaff or a nap. And to think, I thought I was an ass.

Blanket statements are almost always a sign of a lack of knowledge or
wisdom.

And Welcome to the blocked list,
B-Bye
 
ozbear

The screaming is needed because I am trying to knock some sense into
programmers who act like 14-year olds when they are proven WRONG.
<snip>

Don't go away mad....

Just go away.

Oz
 
Eric Newton

NRGeti, you are touching on some of the Great Divide between Clients who only
typically have a vague idea of what they want, and developers that have to
know exactly what the Client wants.

I just ran into this problem myself in a dispute over features in a web
app... a client wanted news topics, so I built a simple news engine, based
on the money rate involved, they come back saying "Oh... but we wanted to be
able to categorize the news"... they didn't ask for that and why would I just
automatically put it in when I'm not getting paid very much in the first
place? Their retort was "but wouldn't you tell us?" How am I supposed to
read their minds? i.e., "It's not in the SPECS"

The specs are a near-formal contract of what is expected between both
parties, how can we deal "at arms length" with each other if we don't even
fully know what each party wants out of the working relationship?
 
