• MySQL security: data integrity issues

    January 21, 2009

    MySQL's security model is not as elaborate as other popular databases. It's missing quite a lot. I wish to point out what I think are some very disturbing security holes, which may affect the database integrity. This post is not about Roles, Kerberos, IPs and such. It's about simple MySQL features, which allow common, unprivileged […]

  • Triggers Use Case Compilation, Part II

    January 15, 2009

    In Triggers Use Case Compilation, Part I, I've demonstrated some triggers use scenarios. We continue our examples of triggers usage. Counters and aggregations bookkeeping. Consider the City table: each city belongs to a certain country. Some questions we may be interested in are: How many cities are there per country? What's the sum of cities […]

  • sql_mode: a suggestion

    January 11, 2009

    I thought this deserves more than a comment on my previous post on the subject, in which I expressed the opinion that sql_mode is undesired. Back to reality: sql_mode is here right now. What else can be done? Suggestion: Is there anything to do about sql_mode? I believe so: make it strict by default.

  • Do we need sql_mode?

    January 8, 2009

    sql_mode must be one of the most elusive issues in setting up a MySQL database. It is also responsible for difficulties in migrating, upgrading and securing databases. MySQL usually has few issues with migrating a database from one machine to another, one version to another, one OS to another, one architecture to another. If we're […]

  • Triggers Use Case Compilation, Part I

    January 5, 2009

    I've run by quite a few triggers lately on production systems. In previous posts, I've written about problems solved with triggers. So here's a compilation of some solutions based on triggers; and some problems which are not (yet?) solvable due to current triggers limitations. Triggers can be used to: maintain integrity, enhance security, enhance logging […]

  • Using triggers to block malicious code: an example

    January 1, 2009

    Web applications face constant exploitation attempts. Those with a user base must keep their users' private data, well... private. While the MySQL security model allows restricting users' access to databases, tables and even columns, it has no built-in feature for restricting row access within a given table. One cannot allow a user to […]

 