The driver supplies Red Hat Enterprise Linux 5 users with sqlcmd and bcp utilities. It supports SQL Server 2008 R2 and SQL Server 2012, which used to go by the codename Denali. Unfortunately, the current version of the driver does not support Microsoft’s AlwaysOn feature. Noted for its high-availability and disaster recovery in SQL Server, AlwaysOn will reportedly be supported in a future release.
According to Microsoft’s FAQ on the driver release, Red Hat Enterprise Linux 5 is the only platform that is currently supported. Whether or not the company adds support for other Linux operating systems in the form of SUSE, Solaris, and HP-UX remains to be seen. The FAQ also explained that Microsoft has no plans to offer SQL Server support directly on Linux and noted that the driver itself is not open source.
The ODBC driver release displays another way in which Microsoft is trying to interact with Linux in terms of interoperability. The release also displays Microsoft’s intentions to support open source ODBC-based APIs instead of its own Object Linking and Embedding Database, or OLE DB, method. The entire OLE DB phasing out process is expected to take approximately seven years to complete.
Microsoft’s transition to ODBC was ignited by customer feedback as well as the company’s belief that it will improve facilitation when it comes to tapping Microsoft SQL Azure and other cloud databases. A future release of the driver for Red Hat Enterprise Linux will supposedly support SQL Azure connections. The move to ODBC should also aid the migration of legacy databases to SQL Server, including the upcoming SQL Server 2012. Microsoft’s driver announcement discussed the way in which the new release will make Sybase migrations easier, saying: “For customers who want to move from Sybase to SQL Server, the SQL Server ODBC Driver for Linux allows C and C++ code to continue running in Linux environments.”
The transition to ODBC has not come without controversy, however. Some developers used a Microsoft forum to complain about the lack of SQL Server Analysis Services support via ODBC. T.K. Anand, a Microsoft representative, responded to the concerns by promising such support in the future, although he failed to give any details on an actual date. In addition to his latest response, Anand wrote the following in September concerning the topic: “As a result of the SNAC [SQL Server Native Client] OLE DB deprecation, Analysis Services will be enhanced in a future release to natively support ODBC for consuming data. At that time, customers can switch their BI [business intelligence] applications from SNAC OLE DB to SNAC ODBC. This switch should be relatively straightforward and require just updating the connection string in the Analysis Services DataSource object.”
For more on this topic, visit http://reddevnews.com/articles/2011/11/29/microsoft-releases-sql-server-odbc-driver-for-red-hat-linux.aspx
Thousands of Websites Possibly Affected by SQL Injection Attack
SQL injection attacks are nothing new, as they have wreaking havoc on everything they touch for years now. A massive SQL injection attack made the news earlier this year, and it appears as if 2011 has another rather massive attack to add to its list.
According to a blog post by Mark Hofman of the SANS Internet Storm Center, the latest SQL injection attack may have infected over 4,000 websites. Hofman noted reports of infections occurring at many sites via a string being inserted into multiple tables. “From the information gathered so far it looks targeted at ASP, IIS and MSSQL backends, but that is just speculation,” Hofman said.
The infection seemed to spread at a rapid pace, as he said approximately 80 sites first appeared in a relevant Google search. The number of sites 12 hours later more than doubled to 200, then grew to 1,000, and finally exceeded the 4,000 mark. Any visitors stumbling upon such infected sites were being redirected to pages advertising phony antivirus software and similar programs.
As for protection against such attacks, Hofman said access to any malicious redirect sites should be blocked. He added: “The hex will show in the IIS log files, so monitor those. Make sure that applications only have the access they require, so if the page does not need to update a (database), then use an account that can only read.”
For more on this topic, visit http://www.scmagazineuk.com/sql-injection-attack-infects-more-than-4000-websites/article/218104/