Network Security Vuln-Dev

Re: MySQL 5.0 information leak?

Subject: Re: MySQL 5.0 information leak?
Date: Sat, 28 Jan 2006 00:44:34 +0000

Nobody has mentioned this yet, so maybe I should. According to the MySQL 
documentation the information schema is a database and there is no suggestion 
that the access controls do not work. You should be able to determine who has 
what access to the information schema using standard grant and revoke commands.

I know my database using code has no need for the information schema, because 
the queries and types of the results are both fixed in advance, albeit with 
some limited variable portions. The obvious tools not working, due to lack of 
access to the database schema, might slow down some crackers by a worthwhile 
amount.

The original poster might be well served by a program that does predetermined 
queries, using a restricted identity for extra security, and keeps the 
connection details to itself. (I do not think obscuring the database structure 
is worth much except as one of a wider set of security measures.)

Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
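
An added example, not part of the original post: one way to set up the kind of restricted identity the message suggests for a program with predetermined queries, and to audit what that identity can reach. The database `shop`, its tables `orders` and `customers`, the account `report_ro` and the password placeholder are all constructed for illustration.

```sql
-- Constructed names: database `shop`, tables `orders` and `customers`,
-- account 'report_ro'. Replace the password placeholder before use.

-- 1. As an administrator: create the restricted identity.
CREATE USER 'report_ro'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET';

-- 2. Grant only what the program's fixed queries need, table by table.
--    No database-wide (shop.*) or global (*.*) privileges.
GRANT SELECT ON shop.orders    TO 'report_ro'@'localhost';
GRANT SELECT ON shop.customers TO 'report_ro'@'localhost';

-- 3. Audit the result from the administrator side.
SHOW GRANTS FOR 'report_ro'@'localhost';

-- Table-level privileges held by the account.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.TABLE_PRIVILEGES
WHERE grantee = '''report_ro''@''localhost''';

-- Any row here means the account holds a database-wide privilege
-- that the fixed queries do not need.
SELECT grantee, table_schema, privilege_type
FROM information_schema.SCHEMA_PRIVILEGES
WHERE grantee = '''report_ro''@''localhost''';

-- 4. Connected as report_ro: list the table metadata this identity can read.
--    MySQL returns information_schema rows only for objects the connected
--    account holds privileges on, so this is a review of what schema
--    detail is exposed through this login.
SELECT table_schema, table_name
FROM information_schema.TABLES
WHERE table_schema <> 'information_schema'
ORDER BY table_schema, table_name;
```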

