[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Andrew akohlsmith-le@benshaw.com
Sun Jan 26 06:37:47 PST 2003


> What, you can't make a front-end that has only the necessary
> features, and thus has fewer places to be insecure than a
> full-blown database?  You have to give your customers the ability
> to actually connect to your database directly, there's no other
> way?

There are a lot of closed-source (financial!) applications which need to 
connect directly to an SQL Server 2000 database.  Winfund is one such POS 
software, but there are others as well.  AccPAC (MiSYS) is another -- this 
one in particular is very obnoxious -- it not only requires TCP/IP access to 
the Pervasive server, but also an SMB connection to the data store so that it 
can use file-level locks. (?!?!!)

If the RDBMS code is solid, it shouldn't be a problem.  Closed or open, every 
software has the potential for problems.  In theory there should be little 
relay programs to perform these kinds of proxies with added security checks 
on queries and ACLs, but dammit that's what the database inet frontend is 
supposed to handle gracefully, and raw filtering is for firewalls and/or 
routers.

Regards,
Andrew



More information about the linux-elitists mailing list