Chapter 21: Microsoft SQL Server Architecture

SQL Server Background

Microsoft Corporation's relational database server, SQL Server, is a relative newcomer to the market in comparison to the more established Oracle and IBM's DB2; however, it has quickly achieved a considerable market share. According to an August 2003 International Data Corporation report, SQL Server now represents an 11.1% share of the global database market, behind Oracle at 39.4% and DB2 at 33.6%. This data was collected for sales across all platforms; SQL Server became the most popular database for Windows servers in 2001.

The first incarnation of Microsoft SQL Server was released in 1992 with a beta release for Windows NT. This was developed from a version of Sybase SQL Server, which Microsoft developed in conjunction with Sybase for the OS/2 operating system in 1989. The first official release was named SQL Server 4.2, and came out for Windows NT in September 1993. Although SQL Server was initially developed from Sybase's SQL Server code-base, the working relationship ended with the release of SQL Server 6.0. After this point, when SQL Server became a purely Microsoft product, the quantity of original Sybase code in the product decreased in subsequent releases; SQL Server 7.0 contained virtually no original Sybase code. The latest available version is SQL Server 2000; at the time of this writing, SQL Server 2005, codenamed Yukon, is being prepared for imminent release.

SQL Server's security history, in common with all other popular database servers, has been somewhat mixed. It has been vulnerable to its fair share of buffer overflows and format string bugs, most notably the resolution service overflow exploited by the Slammer worm, which compromised more than 75,000 hosts within 10 minutes of its release in January 2003.

Microsoft ships a stripped-down royalty-free version of the SQL Server engine, known as the Microsoft Data Engine (MSDE), which is included with many products that need to store and retrieve information from a database. This extra contingent of end users running a database server, often unwittingly, led in part to the rapid spread of the Slammer worm.

SQL Server Versions

Microsoft ships a number of different versions of SQL Server 2000 to cater to different user requirements and platforms. The differences in functionality mean that security considerations vary between releases. Table 21-1 describes the various versions of SQL Server available and their essential differences.

Table 21-1: Available Versions of SQL Server

| Version | Comments |
|---|---|
| Enterprise Edition | Used on large production database servers where speed and availability are a high priority. This version runs only on Windows Server operating systems. Offers features such as replication and online analytical processing (OLAP) services, which could increase its vulnerability. |
| Standard Edition | This version is similar to the Enterprise Edition but lacks Virtual Interface System Area Network (VI SAN) support and some advanced OLAP features. |
| Personal Edition | This is intended to be used on workstations and laptops rather than servers. Designed to support a maximum of five database users. |
| Developer Edition | Intended for software developers, this has similar features to the Enterprise Edition, but is not meant to be run in a production environment. |

The Microsoft document, "Choosing an Edition of SQL Server 2000" (http://www.microsoft.com/sql/techinfo/planning/ChoosEd.doc), provides details of the different versions.



The Database Hacker's Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
