You seem to see threats as a "black and white" problem. Put enough "what ifs" in front of a statement, and nothing anywhere has any security at all.
On 15 Nov 10, at 23:30, mysql-digest-h...@lists.mysql.com wrote: > From: "Daevid Vincent" <dae...@daevid.com> > Date: 14 November 2010 13:22:02 PST > To: <mysql@lists.mysql.com> > Subject: RE: FW: [USN-1017-1] MySQL vulnerabilities > > > I don't think you understand how many exploits work. Through some social > engineering or plain brute force or rainbow tables I can get the user/pass > for many typical users. I could also give you some code and tell you to run > it and thereby my code is executed as an "authenticated user" without you > even knowing it. And here's another statistic you might not be aware of -- > most "hacking" attempts are done BY people INSIDE a company, not external to > it. It's extremely foolish and short-sighted to think that your system is > safe unless it's in a "glass jar" and YOU are the ONLY user on it. Even > then, YOUR account could be compromised too. ---------------- Thought is the sculptor who can create the person you want to be. -- Henry David Thoreau :::: Jan Steinman, EcoReality Co-op :::: -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
