2 posts • joined 5 Apr 2013
If developers of database software actually cared about security, it would not matter whether you expose Apache or Postgresql.
But we have all been conditioned to expect database servers to have almost no security at all. You have to question whether that Expectation Of Shit is actually correct.
When I used Oracle 8 more than ten years ago, it could be crashed by simply telnetting into the listener port and then randomly hitting the keyboard. Note that I did NOT use the official API, I did not use any userids or passwords. Such was the extremely crappy state of Oracle security. If I had been a blackhat, I would have developed an exploit to own the entire database, there's little doubt about that.
Then MS, I read they had a very similar weakness which was discovered by some minor "fuzzing" of the client-server data stream. You could use that also before you entered a password.
Then MySQL. Just recently a colleague of mine discovered you could crash it by means of setting a trigger on an integer column and then inserting a "too big" value.
To conclude, commercial software typically is a Can Of Worms, security-wise.
I used Postgresql and found it to be quite regular, simple and not at all more complicated than anything else from DB/2 to Mysql. I BET Postgresql is much more secure, as we can inspect the code, while with the commercial vendors you have to trust the pledges of a slimy creature who only cares about extracting your money and diverting it into his pockets.
Elite software users such as Deutsche Börse get rid of Oracle and the other commercialware and are moving all their systems to Linux, Postgres, gcc and the like.