Improvements to security remain another question mark for SQL 2003, according to Watters. "There are many things that people consider to be holes in the security of SQL Server right now. In a normal installation, brute-force dictionary attacks can be made on the engine without much recourse. If a hacker can get to the server, there's no lockout mechanism for the SA account after so many failed attempts, for instance. Of course, that causes problems if you happen to go against the best practice of not using the SA login for anything, and you lock out the SA login and it's in use," says the DBA.
"I could go on and on about the perceived problems with SQL Security. The reality is, I have to do extra work to cover up the holes that exist, but (the holes) aren't so aggressive that they can't be overcome with solid experience and education applied to the SQL Server environment. Still, I hope to not have to think about and act about (security) as much."