Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

The Java Danger

By Steve Jones,

In the news this week, I saw something that surprised me. It wasn't in my technical news, but rather on CNN that there was an announcement of a Java vulnerability. I had seen this listed in tech news, but hadn't paid a lot of attention to it since I tend not to use Java on my browsers. The few places that require it remind me to turn it on and usually update it. However there's a vulnerability in Java that is being attacked widely and US-CERT issued an advisory asking people to disable Java on their browsers. If you're not sure how to do this, a quick search on the Internet should help you. 

For most of us that use SQL Server, this isn't likely an issue for our database systems. Java is typically not how our servers are accessed. There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point to  point security enabled in your firewalls or routers.

Lots of our software has security issues and there are alerts being issued regularly by vendors and various security agencies. If you browse the 2012 alerts from CERT, you will see the list dominated by Microsoft products, of which there are many. Not all of them apply to SQL Server instances, but some do and you should subscribe to some bulletin service and be aware of the patches that are being released for the software you run.

Better security also comes from limiting the services you run on systems, not installing optional software, and using someting like the Best Practices Analyzer to check your installations and ensure you are not making common mistakes that can be exploited by anyone.

Total article views: 144 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Software Vendor Security

This week Steve Jones finds some issues with the security of third party vendor software.

FORUM

SQL Server 2008 Encryption Software

Security software

ARTICLE

Securing SQL Backups

SQL Server does many things very well, but securing itself is not one of them. While securing your s...

BLOG

Security: People Are the Weakest Link

There was an interesting conversation on Twitter today about security awareness and why the training...

ARTICLE

Tuning People?

Database people are used to changing the hardware of the server on which a problem database resides...

Tags
database weekly    
editorial    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones