Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
 Posted - 2004-07-13 : 06:22:21
|
| Hi all,I am looking at setting up SQLmail to allow for automated reactive emails based on certain events, as well as reporting based on certain conditions - for example queue lengths > 20 for one of our applications (simple select from a table).However, there is quite a bit of pushback due to concerns regards SQLmail security. In the bad old days of SQL7 sa "blank" default, I can see that this would be a big concern, but with a properly secured SA password (which no-one uses) and a normal domain user that has local admin and sign-on as service rights on the SQL server to run the SQL server, what issues are there ? My understanding of the main "concerns" are largely 2 categories:Viruses, trojans etc. from incoming mail.An attacker using SQL to do mass mailing etc.Are there others?*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-07-13 : 07:28:56
|
| For an attacker to use SQL for mass mailings they would have to compromise your SQL Server first. At that point, using my email would be the least of my worries. I think my biggest problem with SQLMail is the fact that it's slow, relies on MAPI which is old technology, and is not the most stable thing on earth. You might want to search the forum for SQLMail. There are several alternatives out there. (What am I saying...you've already seen a lot of them if you have over 500 posts now.)MeanOldDBAderrickleggett@hotmail.comWhen life gives you a lemon, fire the DBA. |
 |
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2004-07-13 : 07:43:50
|
Hi Derrick,Yeah - I did do a search on SQLMail as first point. Perhaps I should take a different approach - I have read some of the references to using other mechanism's (sp_OAcreate etc.). Guess I really need to read up more on those - I confess to getting a bit lost last time I tried to grasp them.  *smacks hand* shouldn't get influenced into using the fast way  CiaO*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
|
|
|
|
|
SQLMail security concerns