Derrick Leggett Blog

Ramblings, grumblings, and other nonintelligible nonsense about SQL Server.

<b>Applications that SUCK!!!!!</b>

In this world of third-party insanity, I'm constantly amazed how much companies spend for third-party applications that are written like crap and have ZERO security.  Lately, I've been plagued by a series of third-part applications using the sa username and password.  When you ask them WHY, they get angry and explain that's how the applications were designed.  When I politely explain to them that they are idiots, they don't seem to comprehend WHY.  So, I'll say it again…..YOU'RE AN IDIOT!!!!!/o:p

 /o:p

Magic Helpdesk/st1:personname Software (http://www.remedy.com/solutions/magic/)/o:p

Websense (http://www.websense.com/)/o:p

  • Focusing on the security of the web.   HAHAHAHA/o:p

RATA HMDA Compliance software (added 20050517)/o:p

  • This one kind of cracks me up.  The default installation creates an account and assigns sysadmin server role rights to it.
  • HELLOOOOOOOOO!!!!!!! /o:p

 /o:p

I’ll add to the list as I think about more.  Let me know your personal favorites./o:p

 /o:p

Legacy Comments


robvolk
2005-01-12
re: <b>Applications that SUCK!!!!!</b>
<i>Focusing on the security of the web. HAHAHAHA</i><p>Hey, there's no conflict there. The web sites are secure...it's your DATABASE SERVERS that are open wider than a $5 hooker with a $100 bill.

darktrooper
2005-01-17
re: <b>Applications that SUCK!!!!!</b>
We had a third-party database application that used an INI file to store SQL credentials. When they sent to sample INI file it had a key for the username (already filled in with 'sa') but no key for the password. When I asked about it they were very suprised to know that my sa account had a password.

Needless to say I didn't use the sa account, or any account with a blank password once they gave me the info to setup the password.

Also, some time later they sent out a message to all their customers informing them about a worm that exploited SQL servers with blank sa passwords...

scary stuff