September 10, 2002 1:50 PM PDT
Microsoft to build great wall of Yukon
The next version of SQL Server, code-named "Yukon," will include a long list of new security-related features when it debuts in 2003, said James Hamilton, SQL Server's design architect. He said that Microsoft's database team spent more than a month auditing the software code for security holes.
Yukon will include the ability to more easily add security fixes, Hamilton said. Previously, database administrators had to install patches one at a time, a several-step process in which mistakes could be made, he added.
The software will also by default disable public access to all "tables," or rows and columns of data, to prevent hackers from taking advantage of openings, Hamilton said. Microsoft has previously disabled public access by default in many scenarios, but it had previously left open access to some information, such as metadata information, he said. Metadata is the definition of the data in the database.
"When a customer installs Yukon, it will be a secure install," Hamilton said. "It's a faster set-up of your system. You don't have to go through and assign security for everything. It's already set, and you can adjust it."
Yukon also gives administrators more far-reaching control over giving people access to specific data. For example, right now a worker can be granted or denied access to see employee information such as names and phone numbers. But with the upcoming software, administrators can go a step further and give employees access to data of only other workers in the same department.
"You can squeeze down the security more," Hamilton said.
The database security check is part of a company-wide initiative set up by chairman Bill Gates to beef up security in all of Microsoft's products. The tech giant has long been plagued by glitches and security holes in its software, from Windows to the Internet Explorer browser. And SQL Server has had its share of woes, including a worm attack in May. Databases, which manage information, are prone to attacks by hackers who want corporate or Web site information such as credit card numbers.
Microsoft has touted its next-generation database as having new data storage architecture intended to make it easier to find and use corporate data. In fact, a forthcoming version of Windows, code-named Longhorn, will use Yukon's data storage capability.
Sheryl Tullis, Microsoft's product manager for SQL Server, said the company will also try to teach administrators the best practices for using the software through white papers and Webcast tutorials.
"It's not just securing the code, but educating people on reducing risk to themselves," she said.
The test version of Yukon is scheduled for release in early 2003, with final shipment slated for late in the year. Other features include support for Microsoft's .Net strategy and increased performance, reliability and manageability.