What is more secure, Oracle or SQL Server?

posted Tuesday, November 21, 2006 9:25 PM

Over the last year we've had a lot of internal discussions about the database platforms we intend to support for our software.  One of the things that's come up time and time again is that our enterprise customers don't feel SQL Server is an "enterprise scale database".  Given this, it shouldn't be all that surprising that I found this report comparing the security of Oracle and SQL Server very interesting.

The conclusion is clear – if security robustness and a high degree of assurance are concerns when looking to purchase database server software – given these results one should not be looking at Oracle as a serious contender.

That wasn't exactly what I was expecting.

 

Technorati tags: , , , ,
1 Comments

# re: What is more secure, Oracle or SQL Server?

Thursday, November 30, 2006 4:32 PM by Rock    
Like my stats prof used to say - 'Numers don't lie - people do.' Litchfield used to be a big MSFT critic - until they hired him. Think maybe this paper is a little biased? Is this yet another example of MSFT buying someone off to keep them quite? It amazes me that anyone could say SQL Server is more secure than Oracle when SQL Server still has dirt reads. Litchfield - try this. In one SQL Server window, update a row - but don't commit. In another window, set transaction isolation level read uncommitted - then query the same table and see the uncomitted data. You can make any report look the way you want it - and SQL Server keeps no audit of the uncommitted transaction that are read. I'm thinking about starting a consulting business around a contractor time reporting systems using SQL Server - I could rob people blind.

Post a Comment

 
 
Prove you're not a spammer: 
4 + 4 =