Showing entries 1 to 5
Displaying posts with tag: Publications
MySQL Security Best Practices (Hardening MySQL Tips)

Introduction

The MySQL database has become the world's most popular open source database because of its consistent fast performance, high reliability and ease of use. MySQL is used on every continent – yes, even in Antarctica! – by individuals, Web developers, as well as many of the world's largest and fastest-growing organizations such as industry leaders Yahoo!, Alcatel-Lucent, Google, Nokia, YouTube and others to save time and money powering their high-volume websites, business-critical systems, and packaged software.

As most products do, MySQL comes "ready-to-work" out of the box. Usually, security is not a major consideration when installing this kind of product. Often, the most important issue is to get it up and running as quickly as possible so that the organization can benefit. This document is intended as a quick security manual to help you bring an installed MySQL database server into conformity with best security …

GreenSQLOpenSource Performance Test

GreenSQLOpenSource is becoming a popular product. We have received a number of inquiries from our users asking about the database firewall performance. In addition, in the new version, we have incorporated numerous optimization patches. In order to get a feel of the gap, we decided to conduct several performance tests and publish their results.

As you probably know, GreenSQLOpenSource works as an SQL proxy. As a result, the system adds an additional layer to your existing application infrastructure. In addition, from the network point of view, the GreenSQLOpenSource db firewall creates another network socket when connecting to the genuine MySQL server. All this adds some overhead.

We have tested the system using the speedy configuration. Application logs were disabled. In addition, we had built a list of allowed SQL patterns, so the system was running in firewall mode. As a result, no risk calculations were performed during our …

Backdoor webserver using MySQL SQL Injection

MySQL Database is a great product used by thousands of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.

Most people know that SQL injection allows attackers to retrieve database records, pass login screens, and change database content, including through the creation of new administrative users. MySQL does not have a built-in command to execute shell commands, as Microsoft SQL Server does. I will show you how to run arbitrary commands using standard features provided by MySQL.

First of all, I would like to give a brief description of SQL injection; then I would like to present you with a couple of lesser-known methods that exist in MySQL, which I will use to backdoor a webserver. I will use 2 built-in MySQL commands - one …

Design and Implementation of a Workflow Engine

After almost eight months of waiting, I am finally allowed to publish my thesis paper:

Design and Implementation of a Workflow Engine
This thesis discusses the design and implementation of a software component that facilitates the specification, management, and execution of so-called workflows. The discussion of this component's design includes the semantics and syntax of the underlying workflow model as well as the actual software design. The former builds upon the Workflow Patterns [BK03] terminology, the latter on the concepts of a Workflow Virtual Machine [SF04] and the idea that a workflow system should be comprised of loosely coupled components [DAM01, DG95, PM99].

The thesis paper is published under the Creative Commons Attribution 2.0 Germany license; the software that has been developed as part of this thesis has been released under the New BSD License as part of …

SQL Injection Chapter on MySQL Developer Zone

I am happy to announce that the SQL Injection chapter from my book, Guide to PHP Security, has been published on MySQL's developer zone. You can find this chapter here.
