Microsoft plans SQL security overhaul

Microsoft is aiming to shore up the security of its SQL Server database management software.

The next version of SQL Server, code-named 'Yukon', will include a long list of new security-related features when it debuts in 2003, said James Hamilton, SQL Server's design architect. He said Microsoft's database team spent more than a month auditing the software code for security holes.

Yukon will include the ability to more easily add security fixes, Hamilton said. Previously, database administrators had to install patches one at a time, a several-step process in which mistakes could be made, he added.

The software will also by default disable public access to all tables, or rows and columns of data, to prevent hackers from taking advantage of openings, Hamilton said. Microsoft has previously disabled public access by default in many scenarios, but it had previously left open access to some information, such as metadata information. Metadata is the definition of the data in the database.

"When a customer installs Yukon, it will be a secure install," Hamilton said. "It's a faster set-up of your system. You don't have to go through and assign security for everything. It's already set, and you can adjust it."

Yukon also gives administrators more far-reaching control over giving people access to specific data. For example, right now a worker can be granted or denied access to see employee information such as names and phone numbers. But with the upcoming software, administrators can go a step further and give employees access to data of only other workers in the same department.

The database security check is part of a company-wide initiative set up by chairman Bill Gates to beef up security in all of Microsoft's products.

The tech giant has long been plagued by glitches and security holes in its software, from Windows to the Internet Explorer browser. And SQL Server has had its share of woes, including a worm attack in May. Databases, which manage information, are prone to attacks by hackers who want corporate or website information such as credit card numbers.

The test version of Yukon is scheduled for release in early 2003, with final shipment slated for late in the year. Other features include support for Microsoft's .Net strategy and increased performance, reliability and manageability.

Wylie Wong writes for News.com