Systems Engineering and RDBMS

Archive for May 7th, 2008

Nice Add Ins to SSMS

Posted by decipherinfosys on May 7, 2008

At a client site, one of the senior DBAs was using a feature in SSMS which I was not aware of so I asked him about it and he pointed me to a site created by Mladen Prajdic who has created a wonderful set of add ons to SSMS. SSMS already has a very feature rich tool set and with these plug ins, some of the daily tasks become even more easier.

You can read more on it on his site:

Posted in SQL Server | Leave a Comment »

Recent Security Issues

Posted by decipherinfosys on May 7, 2008

Of late, there have been too many news about hackers exploiting the vulnerabilities of Oracle and MS SQL Server – a majority of these issues have been because of the SQL injection attacks i.e. bad application and DB programming issues and some of the issues have been because of poor configuration or poor password choices which have been hacked. I was talking to a good friend of mine who is an expert in the security area and he mentioned some of the tools out there that you can use to uncover the vulnerabilities in your environments.

The first tool to start with is the MSFT Baseline Security Analyzer itself. You can read more at this link:

The second one from MSFT would be the SQL Server 2005 Best Practices Analyzer. Use this for checking SQL Server instances for any known security vulnerabilities.

The other commercial ones are:

NGSSQLCrack: Use this for validating that the passwords that you have are strong ones.

NGSSquirrel: Use this for finding different security vulnerabilities with SQL Server and Oracle

Absinthe: Use this for doing SQL Injection tests. Works for both SQL Server and Oracle.

Posted in Oracle, SQL Server | Leave a Comment »