MySQL 5.1.47

In addition to the security update, MySQL 5.1.47 is also very important for an additional reason. The InnoDB plugin that ships with this version has been updated to 1.0.8, which is …

Financial services on the go - GlassFish for Fundamo and profit
Alexis recently published a new Adoption Story on how Fundamo uses GlassFish v2 and OpenMQ for its Enterprise Platform. Overview at stories entry, details in questionnaire, and an overview in this earlier short video interview.
We are always interested in more GlassFish adoption stories, both from (non-paying) users and from (paying) customers.   …

Here’s a sneak peek at a video matrix — this is all the videos that include Pythian Group employees at the MySQL conference. I hope to have all the rest of the videos processed and uploaded within 24 hours, with a matrix similar to the one below (but of course with many more sessions).

I gave a presentation today at the MySQL Conference & Expo 2010, titled SQL Injection Myths and Fallacies. Thanks to everyone who came to my talk! I appreciate your interest in learning to develop more secure applications. SQL Injection is a serious threat to web applications, and it's only going to get worse. It's incumbent on you as software developers to learn how to write secure code!My

Requirement 6 of PCI DSS v1.2 states that in order to be compliant, an organization must: “Develop and maintain secure systems and applications” “Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor- provided security patches, which must be installed by the entities that manage the [...]

Requirement 4 of PCI DSS v1.2 states that we must: “Encrypt transmission of cardholder data across open, public networks” Specifically, “Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols can be continued targets of malicious individuals who [...]

Requirement 3 of the PCI DSS v1.2 is: “Protect Stored Cardholder Data” As vague as that sounds, the PCI DSS enumerates exactly what that covers: Data Element Storage Permitted Protection Required PCI DSS Req 3.4 Primary Account Number Yes Yes Yes Cardholder Name* Yes Yes No Service Code* Yes Yes No Expiration Date* Yes Yes [...]

Requirement 2 of the PCI DSS v1.2 is: “Do not use vendor-supplied defaults for system passwords and other security parameters” Understanding that we’re limiting the discussion solely to MySQL (OS, Network Devices, and other software will no doubt apply to overall compliance), we can do this easily. The vendor-supplied default MySQL 5.1.43 (they’re similar across [...]

From a security standpoint VFP is a nightmare. You can do pretty much anything on the program end with passwords etc but I never found a way around the fact that you pretty much have to give the client access to the Data directory. VFP being a flat file system (even with the introduction of DBC’s – databases) you had to give the client at the very least read access to the tables and if you wanted him/her to change something then write access too. Only way around that might have been to use VFPOLEDB and a web server but then why use VFP.

Now moving to MYSQL I want to point out some instant benefits you get migrating to MYSQL and that is security. One thing probably not immediatly visible to a newbie is the power of the “DEFINER” and INVOKER security options on stored procedures. This allows clients to do things under certain circumstances that they do have no right to. I want to use the following example to demonstrate the very …

This is the 182nd edition of Log Buffer, the weekly review of database blogs. Make sure to read the whole edition so you do not miss where to submit your SQL limerick!

This week started out with me posting about International Women’s Day, and has me personally attending Confoo (Montreal) which is an excellent conference I hope to return to next year. I learned a lot from confoo, especially the blending nosql and sql session I attended.

This week was also the Hotsos Symposium. …