> Yet another database system had a bug which was used to create a fast-propagating worm, which crashed parts of the Internet simply due to propagating too fast.
This one is especially important to note because this result indicated that many people DO have their databases directly accessible from the Internet.
This means that the comment earlier
> Agreed. Restricting connections to a specific network is DBA 101.
>
> You are just bad if you aren't doing that already.
misses the point.
It may be DBA 101, but so many people are doing it wrong that a DB exploit was able to crash parts of the Internet.
Posted Apr 8, 2013 14:19 UTC (Mon) by ortalo (subscriber, #4654)
What about setting priorities on defence in depth for devel 101 also?
I mean, now that the kernel is secure enough, why not focus on the database engine?
Sounds to me like a less moving target than the web browser or the javascript engine.
And there is much more valuable data inside: why bother about the credit card number when you can directly write in the ledger...?
A serious PostgreSQL security fix
Posted Apr 8, 2013 15:16 UTC (Mon) by spender (subscriber, #23067)
> I mean, now that the kernel is secure enough, why not focus on the database engine?