MySQL Forums

Re: Comments: Kaj Arnö - How MySQL Treats Security Vulnerabilities
Posted by: Ravenous Bugblatter Beast
Date: December 07, 2007 07:57AM

When classifying a remote user vulnerability, I think you should have two priority levels that distinguish between those that can be exploited remotely via SQL language statements submitted through the official client libraries, and those that require maliciously written client libraries or a direct network connection to the MySQL server.

The former class are more serious as they can be exploited through SQL injection in a poorly written client application, or by having a MySQL account on a shared server, rather than requiring code written by the exploiter to directly connect to the server, which in most cases network security would prevent from happening.
