On Jan 31, 2005, at 11:03 AM, Paul McNett wrote:
> I'm wondering why both these exploits (MySQL / PostgreSQL) seem to be
> contained to Windows systems. It would seem to suggest that they are
> problems not with the database products but rather with the OS.
It's a weak password to the Internet-exposed service, followed by no OS
security: once the database password is cracked, normal database
commands to dump data values to disk and then load the dump as an
executable worm work in Windows. Such tactics aren't as easy in OSes
with an executable flag.
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
©2005 Ted Roche |
