Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database
That simply doesn't make sense. An SQL injection attack is directed at the application running in front of the database server.
UPDATE: Actually it can make sense if the attackers were using an application level vulnerability (SQL injection vulnerability) to access the SQL Server and then used this access to execute an unpatched or zero-day vulnerability.
SQL Server is no more vulnerable to SQL injection attacks than Oracle, MySQL, PostgreSQL or Sybase are. Simply because that class of attack is not directed against the database server. You need a vulnerable application to be vulnerable to SQL injection attacks.
But if you so wish to compare security you can start by comparing how many actual vulnerabilities had hit each system:
Oracle 10.x: 828
MySQL 5.x: 33
PostgreSQL 8: 26
MySQL 4.x: 26
PostgreSQL 7: 24
SQL Server 2005: 10
Notice the one at the bottom? Microsoft SQL server seems to be the most secure of the bunch.
So what was it again that you didn't understand? Need some explanation or were you just trolling?
Discussion on:
Message 5 of 1
IBM Sponsored Resources
Resources from our Sponsor
- Oracle Exadata vs IBM: Netezza Compared
- Forrester TEI Report
- CIA Whitepaper
- Harnessing the Power of Advanced Analytics
- Tapping into Unleashed Business Potential with Advanced Analytics
- Unlock Analytic Performance with Revolution R for Enterprise and IBM: Netezza Data Warehouse Appliance
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
