Musings of Geekdom by Eric Newton

tail /var/log/thoughts
posts - 88 , comments - 41 , trackbacks - 68

SQL Server service pack 4

Here's a great one for anybody applying the SP4 to SQL Server:

Try doing a trace on SQL statements that happen to even vaguely mention “password”... it'll block it!

Even if the code is inserting an email that vaguely mentions something about password security... without even saying “the password was [blank].“

Try this sql script, running SQL Profiler:

use northwind
insert into customers ( customerid, companyname, contactname )
values ( 'PASSW', 'Password Experts', 'The password man' )

Guess what... it gets blocked.  Apparently it really is just a dumb substring search for the “password“ text...

Great job guys... That's the way to really “think” about security...

Anyone? Anyone? 

Print | posted on Thursday, October 20, 2005 10:54 AM |

Feedback

Comments are closed.
Comments have been closed on this topic.

Powered by: