Hi:
I would like to know security implications on two different ways to enable
an application to email alerts.
1. Installing outlook client for application to call.
2. Using CDOSYS to point to SMTP server and send email using AD
username/password.
Thanks for any input.Option 1 -very bad choice. Outlook has too many security issues to safely in
stall on a server.
Option 2. klutzy but will/could work But waitk there are better choices.
Option 3. SQL 2000 download xp_smtpmail from [url]http://www.sqldev.net/xp/xpsmtp.htm[/
url]
Option 3. SQL 2005 -Use the included smtp mail server. Look up sp_send_dbmai
l in Books on Line.
--
Arnie Rowland*
"To be successful, your heart must accompany your knowledge."
"Cindy" <Cindy@.discussions.microsoft.com> wrote in message news:943EC1D1-1E2A-413A-8DF5-A5F9
19125DD9@.microsoft.com...
> Hi:
> I would like to know security implications on two different ways to enable
> an application to email alerts.
>
> 1. Installing outlook client for application to call.
>
> 2. Using CDOSYS to point to SMTP server and send email using AD
> username/password.
>
> Thanks for any input.|||Thanks for the information, but can you point me to some specifics about the
Outlook security issues. I am bringing up new SQL database with accounting
package. Package developers want to install Outlook on SQL server (has to b
e
2000 not compatiable with 2005). Need facts to support my posiition. If i
have no choice but to install outlook how can I secure?
If CDOSYS is klutzy is it more secure than outlook?
Thanks, Cindy
"Arnie Rowland" wrote:
[vbcol=seagreen]
> Option 1 -very bad choice. Outlook has too many security issues to safely
install on a server.
> Option 2. klutzy but will/could work But waitk there are better choices.
> Option 3. SQL 2000 download xp_smtpmail from http://www.sqldev.net/xp/xpsmtp.htm
> Option 3. SQL 2005 -Use the included smtp mail server. Look up sp_send_dbm
ail in Books on Line.
> --
> Arnie Rowland*
> "To be successful, your heart must accompany your knowledge."
>
>
> "Cindy" <Cindy@.discussions.microsoft.com> wrote in message news:943EC1D1-1
E2A-413A-8DF5-A5F919125DD9@.microsoft.com...|||Here is some sources of information about Outlook/MAPI issues.
http://support.microsoft.com/defaul...b;en-us;Q315886
Top Causes of SQL Server Downtime (Item #2)
http://www.sqlmag.com/Article/Artic...rver_40011.html
http://www.karaszi.com/SQLServer/info_no_mapi.asp
Google for "SQL Server" + MAPI + problems
Microsoft has 'dumped' MAPI for SQL Server 2005, instead using a built in
SMTP client.
--> check out xp_smtpmail. It's very easy to set up and very easy to use.
<--
The question to raise, "Is it better to use a mail client that has no
documented problems running or SQL Server, or a mail client that has a long
history of problems, including causing the SQL Server to fail."
What difference to the developers as long as there is a flexible way to send
messages.
And your last question, how can you secure Outlook... possibly never.
Recognize that as the number one mail client, it is the biggest target for
any hackers (new expliots are regularly found), and what do hackers want to
hack? -data servers.
If you can't tell, I have a 'little' bias on this issue... Outlook/MAPI on
SQL Server is a big AND unnecesssary mistake.
Arnie Rowland*
"To be successful, your heart must accompany your knowledge."
"Cindy" <Cindy@.discussions.microsoft.com> wrote in message
news:464BAE44-2A86-4DDA-AF3C-9726B9AFAC03@.microsoft.com...[vbcol=seagreen]
> Thanks for the information, but can you point me to some specifics about
> the
> Outlook security issues. I am bringing up new SQL database with
> accounting
> package. Package developers want to install Outlook on SQL server (has to
> be
> 2000 not compatiable with 2005). Need facts to support my posiition. If
> i
> have no choice but to install outlook how can I secure?
> If CDOSYS is klutzy is it more secure than outlook?
> Thanks, Cindy
> "Arnie Rowland" wrote:
>|||Thanks for the info.
Cindy
"Arnie Rowland" wrote:
> Here is some sources of information about Outlook/MAPI issues.
> http://support.microsoft.com/defaul...b;en-us;Q315886
> Top Causes of SQL Server Downtime (Item #2)
> http://www.sqlmag.com/Article/Artic...rver_40011.html
> http://www.karaszi.com/SQLServer/info_no_mapi.asp
> Google for "SQL Server" + MAPI + problems
> Microsoft has 'dumped' MAPI for SQL Server 2005, instead using a built in
> SMTP client.
> --> check out xp_smtpmail. It's very easy to set up and very easy to use.
> <--
> The question to raise, "Is it better to use a mail client that has no
> documented problems running or SQL Server, or a mail client that has a lon
g
> history of problems, including causing the SQL Server to fail."
> What difference to the developers as long as there is a flexible way to se
nd
> messages.
> And your last question, how can you secure Outlook... possibly never.
> Recognize that as the number one mail client, it is the biggest target for
> any hackers (new expliots are regularly found), and what do hackers want t
o
> hack? -data servers.
> If you can't tell, I have a 'little' bias on this issue... Outlook/MAPI on
> SQL Server is a big AND unnecesssary mistake.
> --
> Arnie Rowland*
> "To be successful, your heart must accompany your knowledge."
>
> "Cindy" <Cindy@.discussions.microsoft.com> wrote in message
> news:464BAE44-2A86-4DDA-AF3C-9726B9AFAC03@.microsoft.com...
>
>|||Understanding that Outlook has security issues, I personally have used SQL
Mail in the past with the Outlook client and had great success. Although it
may be one of the top reasons for 'downtime' (if you call a reboot
downtime), how much downtime is that? If you have 99.9% uptime and SQL Mail
is responsible for .1% downtime, is that acceptible? It was for me.
If you stay on top of your Outlook updates, restrict access to the xp_'s
(xp_sendmail, for example), and do your homework on SQL Mail, there is some
reward to offset the risk. There are factors that may sway you one way or
another depending on your situation.
My server sent an average of around 100 emails per minute - with SQL Mail
and the Outlook client.
"Cindy" <Cindy@.discussions.microsoft.com> wrote in message
news:943EC1D1-1E2A-413A-8DF5-A5F919125DD9@.microsoft.com...
> Hi:
> I would like to know security implications on two different ways to enable
> an application to email alerts.
> 1. Installing outlook client for application to call.
> 2. Using CDOSYS to point to SMTP server and send email using AD
> username/password.
> Thanks for any input.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment