[Pauldotcom] sql server express vs full version for a lab
Pat
nutjob.ie at gmail.com
Mon Mar 16 15:15:12 UTC 2009
Once you install the management studio you wont have a problem. (separate
download)
On Mon, Mar 16, 2009 at 2:43 PM, Robin Wood <dninja at gmail.com> wrote:
> I'll install SQL Express then. I thought I'd be ok with it but just
> wanted to be sure before spending days of head banging trying to get
> something to work that would fine on a paid for system.
>
> Robin
>
> 2009/3/16 Pat <nutjob.ie at gmail.com>:
> >
> >
> > On Mon, Mar 16, 2009 at 2:35 PM, Pat <nutjob.ie at gmail.com> wrote:
> >>
> >> Small tips.
> >>
> >> Sql Express is missing some of the analysis services and some of the
> >> reporting serices. From a break in point of view this wont matter to
> you.
> >> Express is free and comes in a re-distributable installer package
> designed
> >> to be bundled in other pub installers.
> >>
> >> Be sure to Get older versions of express also. 2005 + 2008 express
> >> editions are in common use. SQL server 2000 i have seen recently
> deployed on
> >> a system and forgotten about.
> >>
> >>
> >> Also tools like Sql Server Management studio and SQL profiler are very
> >> useful in lab environments.
> >> If you are trialling an SQL injection attack SQL profiler will show you
> >> exactly what is round tripping to the database. Very helpful on a Blind
> SQL
> >> attack or when your application testing. (you wont have this on a real
> >> pen-test but still worth learning)
> >>
> >>
> >> Hopefully this mail Goes through. As i think due to the use of my signup
> >> for everything account with an unusual name i get filtered.
> >>
> >> Best of luck,
> >> Pat
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> 2009/3/16 Russell Butturini <rbutturini at epictn.com>
> >>>
> >>> I second Tim’s recommendation. SQL Express should work fine for this.
> >>> And definitely check out the Foundstone Hacme series, as John suggested
> on
> >>> Ep 143. Hacme bank is GREAT!!!
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> From: pauldotcom-bounces at mail.pauldotcom.com
> >>> [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Tim
> Krabec
> >>> Sent: Monday, March 16, 2009 8:19 AM
> >>> To: PaulDotCom Security Weekly Mailing List
> >>> Subject: Re: [Pauldotcom] sql server express vs full version for a lab
> >>>
> >>>
> >>>
> >>> go with express. I believe that is the free version. That will give
> you
> >>> 2 things, 1 a test bed, and 2 a good piece of SW to learn on, that will
> >>> probably be installed (as a feature of other software)
> >>>
> >>> On Mon, Mar 16, 2009 at 9:06 AM, Robin Wood <dninja at gmail.com> wrote:
> >>>
> >>> Hi
> >>> I'm setting up a windows lab machine and want sql server on it. I'm
> >>> looking at playing with basic sql injection and stored procedures, in
> >>> particular xp_cmdshell. Does anyone know if there are any differences
> >>> for this kind of thing between the express version of sql server and
> >>> the paid for versions or are the differences purely in the amount of
> >>> data and things like that?
> >>>
> >>> Robin
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> Pauldotcom at mail.pauldotcom.com
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
> >>>
> >>>
> >>> --
> >>> Tim Krabec
> >>> Kracomp
> >>> 772-597-2349
> >>> smbminute.com
> >>> kracomp.blogspot.com
> >>> www.kracomp.com
> >>>
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> Pauldotcom at mail.pauldotcom.com
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
> >>
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090316/58ba8174/attachment.htm
More information about the Pauldotcom
mailing list