MySql.com Hacked With Sql Injection 288
iceco2 writes "MySql.com and associated sites were hacked today. Among other items, some simple passwords were recovered and private emails were revealed. Ironically, the attack was performed using a blind SQL injection attack."
Re:Another report (Score:3, Interesting)
why is it ironic? (Score:1, Interesting)
USE BIND VARIABLES (Score:5, Interesting)
Jesus fuck, people. It's not rocket surgery.
If you use bind variables, you CANNOT be SQL-injected.
If you don't, you can be.
It's that fucking simple. Do The Right Thing.
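The difference the comment above describes, as an added example that is not part of the original thread: the same yes/no lookup written once with string concatenation and once with a bind variable. Python's `sqlite3` stands in for MySQL, and the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (sqlite3 stands in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO customers (email) VALUES (?)",
        [("alice@example.test",), ("o'brien@example.test",)],
    )
    return db

def found_concat(db, email):
    # Vulnerable form: the input is spliced into the SQL text, so quote
    # characters in it are parsed as SQL syntax rather than as data.
    sql = "SELECT id FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchone() is not None

def found_bound(db, email):
    # Bind variable: the statement text is fixed and the value is passed
    # separately, so it is only ever compared against the email column.
    sql = "SELECT id FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: one ordinary address, one legitimate address that
    # contains a quote, and two strings that carry their own SQL condition.
    for value in ("alice@example.test", "nobody' OR '1'='1", "nobody' OR '1'='2"):
        print(repr(value), "concat:", found_concat(db, value),
              "bound:", found_bound(db, value))
    # With concatenation the yes/no answer follows the condition embedded in
    # the input, which is the signal a blind injection depends on. With the
    # bind variable both strings are just addresses that do not exist.
    print("o'brien bound:", found_bound(db, "o'brien@example.test"))
```

The bound version also handles the legitimate address containing an apostrophe, which the concatenated version cannot parse at all.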
Re:why is it ironic? (Score:2, Interesting)
Perhaps you need a little refresher on irony.
Few but the most naive would expect the MySQL.com site to be written by nubies and rubes so unsophisticated as to depend on remedial examples of anything found "floating around the 'net". To the contrary, most people would expect MySQL.com to be maintained to somewhat high levels of security, in particular at the level of the database. This is the construction of the irony in this case.
"How ironic, now he's blind after a life of enjoying being able to see." -- Homer Simpson.