MySql.com Hacked With Sql Injection

iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."

Re:Another report

[AsmCoder8088]

Okayyyyyyyy... MS astroturfing, anyone?

why is it ironic?

[larry bagina]

I would expect MySQL.com to be hacked with an SQL injection bug. They didn't support parameterized queries until version 5 or so and most mysql examples floating around on the 'net involve building your own query string from unchecked user parameters.

USE BIND VARIABLES

[MoNsTeR]

Jesus fuck, people. It's not rocket surgery.

If you use bind variables, you CANNOT be SQL-injected.

If you don't, you can be.

It's that fucking simple. Do The Right Thing.

Re:why is it ironic?

[Anonymous Coward]

Perhaps you need a little refresher on irony.

Few but the most naive would expect the MySQL.com site to be written by nubies and rubes so unsophisticated as to depend on remedial examples of anything found "floating around the 'net". To the contrary, most people would expect MySQL.com to be maintained to somewhat high levels of security in particular at the level of the database. This is the construction of the irony in this case.

"How ironic, now he's blind after a life of enjoying being able to see." -- Homer Simpson.

Comment removed

[account_deleted]

Comment removed based on user account deletion