Stefan over at Suspekt brought up some interesting security vulnerabilities based on MySQL's column truncation tendencies (when not in strict mode), so I thought I'd add my own to the pile, this one right in the grant tables.MySQL's user table restricts user names to 16 characters (and hosts to 60). Any attempt to create a user with a longer login results in an error. However, unlike Stefan's example where a field is compared, then truncated and then inserted, MySQL actually truncates a login attempt before processing it. ...
Talend announced an open source data quality offering this week at the TDWI conference in San Diego. The company is rapidly to filling out the basic components needed in a complete data integration suite. In June they delivered added changed data capture (CDC) features to Open Studio, their ETL tool. They also added Talend Open Profiler for data profiling. While Talend doesn’t offer a complete suite yet, these new offerings are a big expansion of functionality in short time. The ETL and data profiling tools are available today, but Data Quality won’t be ready for download until September.
Talend …
[Read more]
Open Query
has partnered with The Pythian Group, founded in Canada by Paul
Vallee and active around the world providing fractional database
infrastructure teams on a linear cost-to-effort basis.
Open Query focuses on MySQL and related training
and consulting work, whereas The Pythian Group has its
remote DBA offering with around the clock (and around the globe)
coverage. A perfect match!
I'm very pleased with this partnership, so a grand thanks to Paul
and Alex, but also Sheeri, Niklas, Gerry, Augusto, Keith, Julien,
Singer, Danil, Santinesh, Paul, and everybody else (they're
everywhere!) I've met some of you already, and hope to meet …
If this can be of any interest, the following is the list of new variables included in MySQL™ v.6.0.6-alpha. Maria-variables already included in prev. binary versions (like 5.1.23-maria) are not count here.
- falcon_checksums: (default ON) to calculate and verify page checksums.
- falcon_serial_log_file_size: not documented.
- falcon_use_sectorcache: not documented.
- falcon_use_supernodes: not documented.
- maria_force_start_after_recovery_failures: Number of consecutive log recovery failures after which logs will be automatically deleted to cure the problem; 0 (the default) disables the feature.
- maria_recover: Specifies how corrupted tables should be automatically repaired.
No new status variables have been included. …
[Read more]Last week, noted PHP security expert Stefan Esser from SektionEins fame held a webinar together with MySQL regarding the topic "Create secure LAMP applications". Unfortunately, this Webinar was in German, but if you understand German you might be interested in the Webinar recording which is now available at MySQL's website. If you have further questions regarding Web Application Security or MySQL security, don't hesitate to contact us.
This TOTD (Tip Of The Day) shows how to create a simple Java
Server Faces application using NetBeans IDE 6.1. This is my first ever Java
Server Faces application :) Much more comprehensive applications
are already available in NetBeans and GlassFish tutorials.
The application is really simple - it allows you to create a
database of cities/country that you like. You enter the city &
country name on a page and click on Submit. This stores the data
entered in the backend database and displays all the stored
values in a new page. This application demonstrates simple JSF
concepts:
- How to create a JSF application using NetBeans IDE ? …
Protobuf comes with a minor problem: it does not have support for handling "type tagged structures", that is, something reminiscent of objects in OOP lingo, so if one is going to have a heterogeneous sequences of messages, you have to roll it yourself. For that reason, I added a transport frame for the messages in the binary log that wraps each with some extra information. In addition to allowing the binary log to be a sequence of messages, it also adds some integrity-checking data and simplifies some administrative tasks.
| Length |
|---|
| Type Tag |
| Message |
| Checksum |
The format of each message in the sequences is given in the table in the margin. where the length is a specially encoded …
[Read more]
disclaimer: this is a blatant plug for a friend of mine,
Kristy Bennett.
Kristy runs (among many things ;-) a company
called Green & Nutty, selling so-called soap nuts
(sapindus mukorossi). Actually, only the nut shells
are used and no actual seeds should be part of what you get as
per Australian quarantine regulations (the seeds don't contain
the soap compound).
So anyway, you stick one half soap nut shell per kilo of washing
in a little bag (provided) and add to washing, and that's all you
need - forget about the old laundry powder/liquid or any other
blah. After a handful of washes (depends on washing temp), you
add a few more shells into the bag. You can also make shampoo by
simply boiling a few shells for a bit; …
I got some interesting comments on my previous article about unit testing Maatkit, including echoes of my own conversion to the unit-testing religion. One of the objections I’ve heard a lot about unit-testing is how it’s impossible to test code that talks to a database. “It’s too hard,” they say. “Oh, it’s easy to test a module that calculates a square root, but a database? Way too much work!”
Note: As commenters have pointed out, I’m not necessarily using “unit” in the agreed-upon way here. Everything I say can be applied to ultra-pure unit testing too, but I go beyond that. I will hold fast to my assertions about mocking though *grin*
Is it really impossible or even hard?
I disagree. In one of my previous articles I said …
[Read more](first in what will probably be a series of blogs as we move all our projects to a replicated, MySQL 5.0 environment, and I finally get to start playing with all the useful features that come with it)Say you've got a client, Mystery Client A. Mystery Client A has hired a marketing consultant. As a part of their rebranding efforts, they have decided to refactor their company spelling convention to MysteryClientA!, for whatever reason. That's fine for replacing a few logos, but MCA has a database-driven content management system, and their name is riddled throughout the database in page content, event description, news headlines and so forth. Your job is now to sift through the entire system and apply the newly crafted spelling to the entire database. So what do you do? ...