Re: C5 MySQL injection attack ("Union Select")


On Thu, March 24, 2016 9:48 am, m.roth@xxxxxxxxx wrote:
> Valeri Galtsev wrote:
>> On Wed, March 23, 2016 10:21 pm, Always Learning wrote:
>>> mysql  Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using
>>> readline 5.1
> <snip>
>> Indeed. There are several flaws in how mysql handles data. This is why to
>
> Ok, do you have a link or two to info about that?

Mark, you seem to have snipped away the link to the presentation on YouTube:

https://www.youtube.com/watch?v=1PoFIohBSM4

which I gave in my post. That, even though a bit old, was instructive for me.

>
>> the best of my ability I am trying to avoid mysql, and use postgresql if
>> whatever chunk of software I need is designed to work also with
>> postgresql. And I recommend developers I work with/for the same (to use
>
> We seem to be moving to postgresql.

Great!

> I find I do not like it - it's much
> more of a pain to work with than mysql is. Do you have any opinions about
> maria d/b? Are there improvements over the flaws you're aware of with
> mysql?

Mariadb, being a fork of mysql, likely inherited mysql's "inconsistencies".
Not that I would say mysql (and mariadb surely) folks are not working on
improvements. E.g., the default installation of the latest mysql does not have
any accounts with an empty password (I was weeding these away for years with
every new installation of mysql. Oh, well, maybe I'm wrong, as I had just
seen this fixed on FreeBSD, so it is possible that the package maintainer did
this nice cleaning). I'm not the one who can have any opinion on something
(mariadb) which he doesn't use, still...

Valeri

> <snip>
>
>         mark
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++