Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

The Java Danger Expand / Collapse
Author
Message
Posted Saturday, January 12, 2013 2:20 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:27 AM
Points: 31,040, Visits: 15,470
Comments posted to this topic are about the item The Java Danger






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1406412
Posted Saturday, January 12, 2013 6:39 PM


SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 4:06 PM
Points: 30, Visits: 174
It's really important to remember that the Java vulnerability only affects the browser based plugin. So, when you say "There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point to point security enabled in your firewalls or routers" keep in mind that every piece of software between the end user browser and the server would need to be compromised. In the enterprise software world, there is usually at least one middle tier, if not multiple tiers, between the end user desktop and the database server.

The worst part about this vulnerability is that users of older versions of IE are particularly vulnerable - making the recommended fixes to disable the plugin requires a registry change.


Jeremiah Peschka
Microsoft SQL Server MVP
Managing Director - Brent Ozar PLF, LLC
Post #1406438
Posted Monday, January 14, 2013 8:47 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 10:27 AM
Points: 31,040, Visits: 15,470
Good to know. I misread and was thinking this affected all Java installations. Let's hope that's true and there isn't a bit hole in the desktop installations.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1406776
Posted Monday, January 14, 2013 8:55 AM


SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, February 20, 2013 4:06 PM
Points: 30, Visits: 174
Looks like an update is already available, too. Exciting times!

Jeremiah Peschka
Microsoft SQL Server MVP
Managing Director - Brent Ozar PLF, LLC
Post #1406781
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse