If you’re using MySQL and SSL, you might want to glance over this article and give your setup a quick test.
I’ve uncovered an alarming bug in 5.5 where one could gain access to your MySQL instance just knowing the username and password (not having any SSL certificate, key, etc.)!
Of course, I’ve filed a bug about it here:
It’s been over 4 days now, and not one comment from the MySQL Bug/Dev Team.
So once again, I feel the need to share this bug with the public, in case you are using SSL with 5.5, and think your connections are …[Read more...]