Embarrassing it is indeed when one (particularly one at the top of their trade) gets caught not doing what they should have been doing by setting an example.
The knowledge of existence of SQL Injection is so common that it goes without saying that sites have to guard themselves against these types of attacks. So when MySQL.com gets hit with SQL Injection (and successfully at that), you begin to wonder; where do we go and bang our heads now. Well, at least that’s how folks at MySQL might be feeling right now. See, even now if you google “
mysql sql injection“, you get links on what SQL injection is, how it is used to exploit database weaknesses and how to prevent it. So isn’t it ironic, don’t you think when MySQL.com itself is the victim?
News of the successful SQL Injection attacks against MySQL.com and it’s parent Sun/Oracle (over the last weekend of March 2011) is all over the place. Here it is for you to
This is by means not blaming MySQL database systems, since it is the website implementations that were all screwy. But, there is a message in this for all of us.