
The Java Danger

By Steve Jones

In the news this week, I saw something that surprised me. It wasn't in my technical news, but rather on CNN that there was an announcement of a Java vulnerability. I had seen this listed in tech news, but hadn't paid a lot of attention to it since I tend not to use Java on my browsers. The few places that require it remind me to turn it on and usually update it. However, there's a vulnerability in Java that is being attacked widely, and US-CERT issued an advisory asking people to disable Java on their browsers. If you're not sure how to do this, a quick search on the Internet should help you.

For most of us that use SQL Server, this isn't likely an issue for our database systems. Java is typically not how our servers are accessed. There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point-to-point security enabled in your firewalls or routers.

Lots of our software has security issues and there are alerts being issued regularly by vendors and various security agencies. If you browse the 2012 alerts from CERT, you will see the list dominated by Microsoft products, of which there are many. Not all of them apply to SQL Server instances, but some do and you should subscribe to some bulletin service and be aware of the patches that are being released for the software you run.

Better security also comes from limiting the services you run on systems, not installing optional software, and using something like the Best Practices Analyzer to check your installations and ensure you are not making common mistakes that can be exploited by anyone.
