MySQL and the SQL Injection fiasco


Embarrassing it is indeed when someone, particularly someone at the top of their trade who ought to be setting an example, gets caught not doing what they should have been doing.

Knowledge of SQL Injection is so common that it goes without saying that sites have to guard themselves against these types of attacks. So when MySQL.com gets hit with SQL Injection (and successfully at that), you begin to wonder: where do we go and bang our heads now? Well, at least that’s how folks at MySQL might be feeling right now. See, even now if you google “mysql sql injection”, you get links on what SQL injection is, how it is used to exploit database weaknesses and how to prevent it. So isn’t it ironic, don’t you think, when MySQL.com itself is the victim?

News of the successful SQL Injection attacks against MySQL.com and its parent Sun/Oracle (over the last weekend of March 2011) is all over the place. Here it is for you to consider:

This is by no means blaming MySQL database systems, since it is the website implementations that were all screwy. But there is a message in this for all of us.
