45 Comments
- psylence, on 10/12/2007, -4/+22
SQL Server is one of MS's decent products, this shouldn't be too surprising.
- AGiantCow, on 10/12/2007, -11/+21
"Microsoft is often unfairly slammed for security issues"
LMAO
- jon3k, on 10/12/2007, -0/+11
@rocjoe71
If you think SQL injection is a problem that needs to be solved by a relational database management system, then you *really* need to go pick up a book.
An RDBMS does what it's told to do. If an *application* allows a user to tell it to do unscrupulous things ... whose fault do you think that is? (tip: key word is application)
- jamend, on 10/12/2007, -1/+11
Those are only used for websites, didn't you know?
- JQP123, on 10/12/2007, -0/+10
Equating the current SQL Server with Sybase is like saying that Vista is just DOS with new eye candy.
- nixfu, on 10/12/2007, -2/+8
Man...Firebird is one of the Best Open Source databases out there, it just does not get the publicity. Firebird is a real enterprise class open source database, but I guess that is almost a negative in Open Source because it makes it not get used for any of the small stuff.
Funny, there are sooo many great Open Source databases that they all have a hard time getting people to notice them... there are what like 3 commercial ones now? (DB2, Microsoft Sybase SQL Server, and Oracle).
Check this out:
http://www.firebirdsql.org/
"Firebird is a relational database offering many ANSI SQL standard features that runs on Linux, Windows, and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers and full SQL92. It has been used in production systems, under a variety of names since 1981.
Firebird is completely free of any registration, licensing or deployment fees. It may be deployed freely for use with any third-party software, whether commercial or not."
http://www.firebirdsql.org/guide/FBFactsheet.html
- weprin, on 10/12/2007, -4/+10
I would argue that SQL Server is their most well-executed project. It is reliable, efficient, and effective. It's also very easy to learn and implement. And now it is free (the Express Edition, which does have some limitations).
- Chewie67, on 10/12/2007, -2/+7
Not surprising at all. I'm no fan of Microsoft, but SQL Server is fantastic.
- nofxjunkee, on 10/12/2007, -0/+4
It's an oxymoron but it's sort of true (truthiness=70). Because of MS's track record exploits from MS can't be forgiven. When Apple or Mozilla patch an exploit people congratulate them on how fast or whatever. When MS patches one people complain that the bug was there at all, that it took too long to patch, or whatever else.
So MS is given a hard time, but there are reasons why MS is given a hard time. Many people (who aren't geeks) probably don't realise that.
- akcoder, on 10/12/2007, -3/+8
MS SQL Server is indeed based on Sybase SQL Server (later renamed to Adaptive Server Enterprise). However, MS SQL Server hasn't had input from Sybase since 1993, which is when MS SQL Server v4.21 for Windows NT was released.
- nixfu, on 10/12/2007, -0/+5
>there is NOTHING worse than Oracle
Oh..I have used it...it's no party that's for sure..but believe me, there is something worse.. the devil spawn known as SAP.
- soulscreme, on 10/12/2007, -4/+8
So the debate is between MS SQL and Oracle? What happened to MySQL and PostgreSQL?
- badriram, on 10/12/2007, -6/+10
That's right folks, Microsoft has not done anything to it over the last what decade after getting it. Please give credit where credit is due, and quit complaining just because it is MS
- nixfu, on 10/12/2007, -8/+12
>SQL Server
umm you misspelled.... "SYBASE is one of the best purchases that Microsoft has ever made which they later called innovation".
- grumpyrain, on 10/12/2007, -0/+4
"Well MySQL and PostgreSQL are both available for free"
MySQL is **not** free unless you are writing GPL software:
http://www.mysql.com/company/legal/licensing/
Until recently, MySQL lacked support for declared constraints, triggers and a host of other features required by many enterprise customers. It sits nicely in the LAMP stack though, and is generally 'good enough' to be a back end to a website.
PostgreSQL is pretty powerful and has been around forever, but until about a year ago (possibly 2 now) lacked a Windows port. There is also Firebird, both of which have better licensing terms for commercial software.
SQL Server ships with some excellent tools like query profiler, and I think that is (at least partly) the key to its success.
- KooLLaiD, on 10/12/2007, -2/+5
I can tell you this much, there is NOTHING worse than Oracle's E-procurement system. POS would be an understatement :o
- nixfu, on 10/12/2007, -3/+6
MORE ROFL!
- jon3k, on 10/12/2007, -2/+5
"I would argue that SQL Server is their most well-executed project."
That's funny, it's almost like you're implying they actually WROTE SQL Server.
But yes, Microsoft SQL Server is a fantastic piece of software. Well, SQL Server 2000 at least, SQL Server 7 had its issues.
But when you consider the amount of software they include as "Oracle" it really isn't a fair comparison. It all comes down to bugs per line(s) of code.
- rocjoe71, on 10/12/2007, -4/+6
Well MySQL and PostgreSQL are both available for free. If something for free turns out to have security flaws... well, you get what you paid for.
It should be said that all four, and all SQL databases, still suffer from the most widespread security flaw, SQL injection, which has more to do with bad developers than bad database servers. In fact it's so widespread and so easy to pull off that it almost makes any other security issue moot since any criminal out for CC numbers would choose the "tool" that will work regardless of the database choice.
- TopBanana, on 10/12/2007, -0/+2
As a user of both, I wholeheartedly agree. Oracle is a PITA to use
- grumpyrain, on 10/12/2007, -0/+1
@rocjoe71
You have heard of parameterized queries right?
- TanNg, on 10/12/2007, -0/+1
Don't touch our Google God, or we will digg you down!
- inactive, on 10/12/2007, -0/+1
Duplicate. This was posted earlier
http://digg.com/security/Which_is_more_secure_Oracle_vs_Microsoft_SQL
- martynda, on 10/12/2007, -3/+4
Although both are very good, there is no one to blame when things go wrong with those, so they're not "real" databases to most managers.
- DarthFredd, on 10/12/2007, -0/+1
I agree with you: comparing security vulnerabilities like this (based purely on "number discovered") is flawed, because a) more holes may be found later and b) what is considered a "security hole" is relative and undefined in the study.
- Darwinian, on 10/12/2007, -0/+1
I am so glad someone managed to find this out as a real statistic.
Oracle make Bebo, Bebo has many flaws.
- iolalla, on 10/12/2007, -1/+2
This report sucks!!
The consultant only compares the bugs reported, solved and closed in Oracle and SQLServer.
And if you read carefully you will discover that the consultant didn't pay attention to the bugs reported and solved in "SQL Server 2005 Service Pack 1" and in Windows 2000 SP4.
Hey Mr independent Consultant, Do your Homework!!!!
- CaughtThinking, on 10/12/2007, -1/+2
How about some context? I have yet to encounter a situation clustering the db sounded like a good idea.
- inactive, on 10/12/2007, -1/+1
Having used both, I agree that Oracle is light years ahead in features. SQL Server did a great job on 2005 (they finally put in real read/write consistency logic) so they can now be used effectively for most database tasks.
That said, when a database like Oracle has thousands more features, more bugs should be expected. The reality is that most bugs that I see in MS or Oracle are only a problem if the DBA set up the database with little security. These security firms also like to include bugs in Oracle's tally from unrelated products like the application server which is like including IIS or OS bugs in with SQL Server.
When it comes down to it, if you only install the features that you use and get a competent DBA and network admin, MS and Oracle will be roughly equivalent in security.
"I have yet to encounter a situation clustering the db sounded like a good idea."
- Watch a box fry and tell me that clustering isn't a good idea.
- flcnstu, on 10/12/2007, -0/+0
I think everything has flaws, it is because of those hackers and people who talk about the flaws that make it better. Hopefully this information will help the next generation be more secure than this one.
- inactive, on 10/12/2007, -1/+1
And what does eprocurement have to do with database bugs? Different product, different development group.
- geronimo, on 10/12/2007, -1/+1
Oracle is complex but if you get a savvy Oracle DBA he can make Oracle do wonders. I remember how Oracle is able to use 'raw mode' vs the filesystem which means it is in charge of caching and it can perform really well. This tuning is hard to come by outside of Oracle. Oh well, postgres is the next best thing.
- jon3k, on 10/12/2007, -1/+1
RTFA. They include a lot more than just the DBMS itself. Per another comment I made on here, it comes down to bugs per lines of code.
I'm not an Oracle guy myself, but let's not turn this into blind Microsoft fanboyism.
- inactive, on 10/12/2007, -8/+7
Can MS SQL run on Linux or BSD? So do they factor in the required OS's problems? Genuine Windows Deactivation(c) and security update reboots?
Oracle is a bitch to configure, a real pig, but it's no excuse for letting MS SQL slip by with crap claims.
- rruggeri, on 10/12/2007, -5/+4
SQL 7 was the last version with Sybase code before almost total rewrite.
- chuckd, on 10/12/2007, -11/+9
Wasn't MS SQL Server really just a bastard child from Sybase?
- inactive, on 10/12/2007, -7/+4
"Measuring security is a very complex process, and customers must take a number of factors into consideration" said an Oracle spokeswoman.
So according to them you need an Oracle database running on a cluster of supercomputers in order to measure the security of a product. Just great, forget about a clear answer whether your product is secure or not, let's just spend the next coming years pondering about it and rendering meaningless charts.
- nixfu, on 10/12/2007, -11/+7
>Wasn't MS SQL Server really just a bastard child from Sybase?
Actually, it's a direct copy of Sybase SQL Server with a new GUI slapped on....but I am sure some MS Fanboys will tell you that it's "innovative".
- inactive, on 10/12/2007, -12/+7
>Wasn't MS SQL Server really just a bastard child from Sybase?
Yes. I worked on the "project" - all M$ did was slap a flaky GUI on the front of Sybase's product.
Microsoft have NEVER written anything useful - any product that (nearly) works is based on bought or stolen code. Microsoft have NEVER released ANY product that actually works properly!
Game Over, Microsoft
- nixfu, on 10/12/2007, -9/+4
>total rewrite
AS IF Microsoft is actually capable of re-writing anything... their internal software development processes are so ***** up it would take 1000 years for them to write something as complicated as a database server from scratch.
- inactive, on 10/12/2007, -7/+2
Pick 3:
Sqlite
Postgres
Oracle
I suspect Postgres will soon overtake Oracle in respect to the few useful features not yet implemented.
- fusioned, on 10/12/2007, -10/+2
Larry Ellison is the *****.
- hambend, on 10/12/2007, -10/+2
Is that meant to be some kind of plug for Microsoft? "They aren't the worst"?
- merreborn, on 10/12/2007, -15/+3
This is really just a comparison between a giant douche and a turd sandwich.
P.S.: Your database should be behind the firewall anyway. If attackers have access, you've already failed.
- inactive, on 10/12/2007, -18/+5
SQL Server isn't a Microsoft product at all - as usual, it's someone else's code. They bought SYBASE and then renamed their product. Microsoft have NEVER written ANY useful code - anything that works, they either bought or stole.
Game Over, Microsoft

