<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQLServerCentral.com
»
Editorials
»
The Java Danger
The Java Danger
Rate Topic
Display Mode
Topic Options
Author
Message
Steve Jones - SSC Editor
Steve Jones - SSC Editor
Posted Saturday, January 12, 2013 2:20 PM
SSC-Dedicated
Group: Administrators
Last Login: Today @ 2:54 PM
Points: 31,410,
Visits: 13,726
Comments posted to this topic are about the item
The Java Danger
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1406412
Jeremiah Peschka
Jeremiah Peschka
Posted Saturday, January 12, 2013 6:39 PM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, February 20, 2013 4:06 PM
Points: 30,
Visits: 174
It's really important to remember that the Java vulnerability only affects the browser based plugin. So, when you say "There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point to point security enabled in your firewalls or routers" keep in mind that every piece of software between the end user browser and the server would need to be compromised. In the enterprise software world, there is usually at least one middle tier, if not multiple tiers, between the end user desktop and the database server.
The worst part about this vulnerability is that users of older versions of IE are particularly vulnerable - making the recommended fixes to disable the plugin requires a registry change.
Jeremiah Peschka
Microsoft SQL Server MVP
Managing Director -
Brent Ozar PLF, LLC
Post #1406438
Steve Jones - SSC Editor
Steve Jones - SSC Editor
Posted Monday, January 14, 2013 8:47 AM
SSC-Dedicated
Group: Administrators
Last Login: Today @ 2:54 PM
Points: 31,410,
Visits: 13,726
Good to know. I misread and was thinking this affected all Java installations. Let's hope that's true and there isn't a bit hole in the desktop installations.
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1406776
Jeremiah Peschka
Jeremiah Peschka
Posted Monday, January 14, 2013 8:55 AM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, February 20, 2013 4:06 PM
Points: 30,
Visits: 174
Looks like an update is already available, too. Exciting times!
Jeremiah Peschka
Microsoft SQL Server MVP
Managing Director -
Brent Ozar PLF, LLC
Post #1406781
« Prev Topic
|
Next Topic »
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
