Database Security: Oracle or SQL?

by Asim K
In her 2010 article titled “SQL Server Most Secure Database; Oracle Least Secure Database Since 2002”, Laura DiDio explores the security and vulnerability of the two leading database systems: Oracle and SQL Server. Right from the beginning, starting with the title, DiDio explains that SQL Server is more secure than Oracle, and not just by a tiny margin. During an eight-and-a-half-year period, from 2002 to 2010, the NIST CVE (National Vulnerability Database) statistics recorded 321 security-related issues for Oracle, the highest of any vendor. This was six times more than was reported for SQL Server. DiDio explains that SQL Server’s unmatched security is not a fluke or the luck of the draw; rather, it is a direct result of Microsoft’s investment in the Trustworthy Computing Initiative, launched in 2002, under which Microsoft stopped code development across all product lines to scrub the code base and make its products more reliable and secure.

Although strong security is important on the server or organization side, one must also acknowledge that a system is only as secure as the person who runs it. In this sense, if there is an error on the user side, there is a possibility of high security risk no matter how secure the system might be. That being said, no database is 100 percent hack-proof.

DiDio brings up some interesting points about database security. As students who may be looking to get into the database field, we must always keep in mind the types of databases we use and their flaws (or weaknesses). Because user error is easy to forget, it is what we must focus on the most. Oftentimes we are comforted by automated security measures, much like having a car alarm, or several security measures and locks in one's home. But one has to realize that these security measures are not the be-all and end-all of security, as even the toughest banks and the largest museums have been robbed in heists, despite the measures taken by the user. Like the famous Eazy-E said, “Check yoself before you wreck yoself.” As much as this saying applies as a hip hop philosophy, it applies even more to functioning members of the ever-growing database systems industry: we must make sure we ourselves have taken the appropriate steps in securing databases before we turn to the databases themselves for the comfort, or the illusion, of security.

DiDio, L. (2010, September 19). SQL Server Most Secure Database; Oracle Least Secure Database Since 2002. ITIC. Retrieved November 11, 2011, from