Two of the tenets that were important to us as we designed SQL Server 2005 were called “Secure by Default” and “Secure by Design.” These tenets are manifest in a number of ways throughout the product. Examples in SQL Express include the fact that we install the minimum components required to get a functioning database and that we don’t enable network protocols in a default installation. (The issue of remote connectivity generates a bunch of question of it’s own, but that’s not today’s topic. If I’ve peaked your interest, check out the KB article 914277: How to configure SQL Server 2005 to allow remote connections to learn more.)
Another important way to improve the security of an application is to make sure it is easy to update it to the latest version. In the language of the business, this is called “servicing” the application. We’re going to improve the Servicing of SQL Express, when we release Service Pack 2, by making it available on Microsoft Update as a recommended update. Having SQL Express on Microsoft Update is a continuation of the work we started by making Service Pack 1 of the other Editions of SQL Server 2005 available on Microsoft Update. SQL Express will be detected when you scan your computer, right along with other Microsoft applications, and you will have the ability to select the update and have it applied to your computer. The other significant benefit of having SQL Express serviced using Microsoft Update is the ability to issue Critical Updates, should the need arise, and have them automatically downloaded and/or installed based on the setting on the computer. You will still be able to download the latest version of SQL Express from the SQL Express download page to install new instances.
This new servicing model has some ramifications for developers who include SQL Express as a component in their applications. Microsoft Update will detect and update all instances of SQL Express on the computer. Developers need to be aware of upcoming service pack releases and get involved in the Community Technology Previews for each service pack. Participation in the CTP and reporting issues is the best way to help Microsoft ensure that we don’t break backwards compatibility in our service packs. Obviously, it’s always our goal that existing applications continue to work, the CTP is a safety valve to help achieve that goal.
Before you even ask, I don’t have any dates for Service Pack 2 or the CTP. I’ll post them when I can. Keep an eye on the SQL Server 2005 Home Page and the SQL Server 2005 Developer Center for announcements and dates.