> But IMHO, that *is* the point. If it's on the Internet, it's exposed . > . . And if a stored procedure is exposed, then the whole system is > exposed . . .
Nonsense, you read to many MS papers <g>. Lots of ISP's run SQL servers on the internet for radius authentication, where the database and stored procedures are not exposed. Just because MS describes something you don't consider safe, you are assuming there isn't a safe way to do it? If what you say is true, then all the MS databases where they store registration information, windows update information, activation information, they must all be exposed so how about posting exploits for them so we can get MS to secure our data? Or are those on the net yet not exposed? Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
