[CentOS] C5 MySQL injection attack ("Union Select")

Valeri Galtsev galtsev at kicp.uchicago.edu
Thu Mar 24 15:23:13 UTC 2016


On Thu, March 24, 2016 9:48 am, m.roth at 5-cent.us wrote:
> Valeri Galtsev wrote:
>> On Wed, March 23, 2016 10:21 pm, Always Learning wrote:
>>> mysql  Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using
>>> readline 5.1
> <snip>
>> Indeed. There are several flaws in how mysql handles data. This is why
>> to
>
> Ok, do you have a link or two to info about that?

Mark, you seem to have snipped away the link to the presentation on YouTube:

https://www.youtube.com/watch?v=1PoFIohBSM4

which I gave in my post. That, even though a bit old, was instructive for me.

>
>> the best of my ability I am trying to avoid mysql, and use postgresql if
>> whatever chunk of software I need is designed to work also with
>> postgresql. And I recommend developers I work with/for the same (to use
>
> We seem to be moving to postgresql.

Great!

> I find I do not like it - it's much
> more of a pain to work with than mysql is. Do you have any opinions about
> maria d/b? Are there improvements over the flaws you're aware of with
> mysql?

Mariadb, being a fork of mysql, likely inherited mysql's "inconsistencies".
Not that I would say mysql (and mariadb surely) folks are not working on
improvements. E.g., the default installation of the latest mysql does not have
any accounts with an empty password (I was weeding these away for years with
every new installation of mysql. Oh, well, maybe I'm wrong, as I have just
seen this fixed on FreeBSD, so it is possible that the package maintainer did
this nice cleaning). I'm not the one who can have any opinion on something
(mariadb) which he doesn't use, still...

Valeri

> <snip>
>
>         mark
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++


