Feeds

Microsoft measures up

A meter is a meter is a meter. Not

3 Big data security analytics techniques

4326 is an example of a Spatial Reference ID (SRID) and the STGeomFromText() method recognizes it and treats the incoming latitude and longitude values appropriately. In past Project Watches, I have suggested that competent IT people could write their own spatial data types, and that's true. However here, in this one method that can recognize and deal with 389 (including WGS 84) different spatial systems, you can see why it would be a great deal of work.

That's the geography related data, then, but what of SQL Server 2008 itself?

Microsoft's approach to security has become very rigorous of late, which is excellent. However, the security policy has clearly not had time to become completely integrated with the rest of the company's policies, as has been highlighted in our work with these core additions to the Microsoft stack.

As an example, Microsoft is keen that we make use of online help - so every time we used the help system Internet Explorer accessed the web. However, by default, the server is configured with IE Enhanced Security Configuration (Esc) set to "on". So all attempts to use the online help system got blocked.

You can, of course, try to add the site to the trusted sites (although this is somewhat tortuous) but it doesn't help because the help system is based upon manifold URLs. So you cannot realistically use the help system unless you disable Esc; which is what we have done. We do understand that you can have Esc "on" for the server and "off" for the workstations but in practice it is still a major inconvenience.

As a side issue, surely anyone who names a security enhancement "escape" either has a very advanced sense of humor or none at all. It is not clear which in this case.

Security aside, where are the stories of smoke, horror and woe in implementing the system on new editions of Microsoft software? You may notice that, so far, I have not said much about how the whole software stack has been running.

Remarkably, this is because - at least until now - the whole stack has been working far, far better than we'd anticipated. We have experienced no catastrophic crashes: neither the SQL Server 2008 database engine nor the Windows Sever 2008 operating system have ever crashed. On two occasions a process crashed in Visual Studio 2008, causing it to run very slowly thereafter. Both times this was cured by the time-honored practice of rebooting the server.

Given that all of the software on the machine is a community technology preview (CTP), and given the hammering it has had, I'm very pleased with this performance. I wouldn't be happy with it in production software but this is CTP. We're using it for development not production and it has proved eminently suitable for the job.®

Follow Register Developer regular Mark Whitehorn next time on Project Watch: Microsoft 2008 as he continues to roll out a spanking-new 1TB database for several thousand users on Microsoft's SQL Server 2008, Visual Studio 2008 and Windows Server 2008.

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.