

Security flaws could corrupt open source databases







05/20/2004 04:15 AM









Similar Items


Grok Headline matches for Security flaws could corrupt open source databases

Flaws drill holes in open-source databases 05/19/2004 04:28 PM
Vulnerabilities in two popular applications used by developers to store program code could allow attackers to corrupt open-source projects.

Two Open-Source Databases Spring Security Leaks 05/20/2004 08:20 PM
A researcher has found critical flaws in CVS and Subversion; updates have been posted.

New flaws foul open-source security 06/10/2004 08:05 AM
ZDNet Jun 10 2004 12:14PM GMT

More flaws foul security of open-source repository 06/09/2004 05:29 PM

Battle of the Open Source Databases 03/20/2003 01:05 PM
2003 promises to be a big year for open source products. Linux is poised to keep capturing market share in the server and desktop markets, and Apache undoubtably will remain champion of the Web server sector. Will this year be good to open source databases as well?

Will DB2 and Oracle databases go open source? 08/06/2004 06:25 AM
A prediction that both IBM DB2 and Oracle databases would head toward open source in some way by the end of the year got a little more interesting as Big Blue announced a partnership with the Apache Software Foundation to release its Cloudscape Java-based database to the community, which is turning the database into an open source project called Derby.

Like Linux, Databases Going Open Source 02/05/2005 10:05 PM

Why I prefer Open Source databases 09/16/2002 07:41 AM
- By JT Smith - I've been working with databases for many years. I started out with Oracle and Informix then used a little Sybase. Then I discovered open source and used mSQL, MySQL, and PostgreSQL pretty extensively. Most recently I've been working with Oracle again, and just started playing with MSSQL. Why is any of this important? It’s important because I've seen the good and the bad of all these systems. And perhaps even more important are ...

CA, IBM Databases Join Open-Source Parade 08/09/2004 06:14 AM
IBM and CA are handing over parts of their Ingres r3 and Cloudscape relational database technologies to the open-source developer community.

Open Source Databases: As The Tables Turn 06/11/2004 11:17 AM
btn: A comparison of two databases, PostgreSQL 7.1 and MySQL 3.23, of diabolical PHP experiments performed, and some strongly held opinions reversed. By Tim Purdue.


Open-source databases gaining favor 01/05/2004 11:03 AM
Big companies are warming up to open-source database software as an alternative to Microsoft products, according to a new study.

NewsForge: Will DB2 and Oracle Databases Go Open Source? 08/07/2004 07:19 PM
"MySQL Vice President of Marketing Zack Urlocker said databases and related software are among the technologies most impacted by open source..."

eWeek: Two Open-Source Databases Add Enterprise Appeal 02/01/2005 09:06 PM
"Two new versions of the most popular open-source databases, MySQL and PostgreSQL, this month will deliver yet more features to make enterprises happy..."

Actual ODBC Driver for Open Source Databases 1.0 06/29/2004 10:26 AM
Connect to MySQL and PostgreSQL databases from MS Excel X and FileMaker Pro.

New: Actual ODBC Driver for Open Source Databases 1.0 06/29/2004 10:41 AM
Actual ODBC Driver for Open Source Databases is a Mac OS X ODBC driver that enables access to MySQL and PostgreSQL databases from applications such as Excel and FileMaker Pro.

Open source databases - a sword that cuts both ways? 04/04/2005 06:27 AM
Plus c'est la même chose

Open source databases climb corporate ladder 04/28/2004 08:38 AM

Open source databases gaining ground, analysts say 04/19/2004 04:14 AM
Open source databases have a bright outlook in low-end, Unix-friendly vertical markets, including telecommunications and retail. They have grown from niche use to widespread utilization, and while challenges remain, database deployment is emerging as more of a force for the growth and use of open source and Linux software, according to analysts and vendors.

CA, IBM Databases Join Open-Source Parade (Ziff Davis) 08/09/2004 07:18 AM
Ziff Davis - IBM and CA are handing over parts of their Ingres r3 and Cloudscape relational database technologies to the open-source developer community.

eWEEK: Open-Source Databases Hike Enterprise Appeal 08/20/2002 01:33 PM
"The creators of the open-source databases MySQL and PostgreSQL are trying to push them further into the enterprise with new features aimed at better support for transactions, database recovery and replication..."

Update: Actual ODBC Driver for Open Source Databases 1.2 08/05/2004 10:21 AM
The Mac OS X ODBC driver adds changes for Apple Remote Desktop 2.0, improved translation between ISO-8859-1 and MacRoman character sets, and some bug fixes.

Like Linux, Databases Going Open Source (Investor's Business Daily) 02/05/2005 09:41 PM
Investor's Business Daily - IBM and Oracle -- two of Linux's biggest patrons -- have relished the effect the free software has had on Microsoft and other foes.

Flaws drill holes in open-source repository 05/20/2004 01:11 AM
ZDNet May 20 2004 5:21AM GMT

Study Finds Fewer Flaws in Open-source Code 12/16/2003 05:22 PM
Software inspection firm Reasoning says MySQL source code contained fewer flaws than its commercial counterparts. But others question Reasoning's reasoning.

internetnews.com: Study Finds Fewer Flaws in Open-Source Code 12/17/2003 07:16 PM
"Code quality in a version of the MySQL open-source database was found to be six times superior to that of comparable proprietary code, according to a recent study of open-source software products by tech development firm Reasoning..."

Top Open-Source Security Applications 06/17/2005 03:37 PM

Defending Open Source Security 02/14/2004 08:03 AM

Open Source Security: Still A Myth 09/17/2004 11:52 AM

Open Source Law and National Security 09/13/2004 05:19 AM
How many paragraphs of rules and regulations can a society have before no one can predict how it will respond to critical situations? The answer, as demonstrated on 9/11/2001 is: "Not very many." Lawyers need to go open source and let the public bang on their code.

Cryptography and the Open Source Security Debate 07/20/2004 02:34 PM

Security holes splatter Open Source 06/11/2004 04:54 AM

An eye opener on open source Internet security 07/26/2004 08:46 AM

DOES open source software enhance security? 03/06/2004 02:04 AM

Microsoft, Open Source and National Security 04/23/2004 01:24 AM
Two weeks ago, I wondered out loud about the top 10 worst IT business decisions ever made and nominated HP's decision to follow DEC down the road to oblivion for top spot. Today I'd like to suggest that the U.S. Defense Department's continued use of Microsoft's software is likely to top a future list of this kind. The equation here is simple. First, recognize that Microsoft's software security depends crucially on keeping its source code secret. That's not a comment from an anti-Microsoft bigot -- it's the testimony given under oath by Microsoft vice president Jim Allchin. Even limited release of Microsoft's code, Allchin told judge Colleen Kollar-Kotelly's federal court in May 2002, would threaten national security because the code is both seriously flawed and widely used in the Defense Department. But consider that only nine months later, in February 2003, Microsoft announced an agreement giving communist China full access to the source code for Windows and related tools.

Open Source a National Security Threat 07/27/2004 11:22 AM

Missing Open Source Security Tools? 06/28/2004 06:16 PM

Open-Source Security Tools Touted at InfoSec 04/05/2005 10:21 PM
A security consultant encourages cash-strapped businesses to consider open-source security tools and utilities to help cope with the increasing spate of malicious hacker attacks.

Web Security Errors and an Open Source Revenue Opportunity 01/14/2003 06:32 PM
Web Security Errors

I normally wouldn't blog this much but so many of us here do web development that it's good for all of us to review these. Yes I know we all know better but I'd virtually guarantee that we all have done at least one of these in the last 24 months:

Unvalidated parameters: Information from Web requests isn't validated before being used by a Web application. Attackers can use these flaws to attack backside components through a Web application.

Broken access control: Restrictions on what authenticated users are allowed to do aren't properly enforced. Attackers can exploit these flaws to access other users' accounts, view sensitive files, or use unauthorized functions.

Broken account and session management: Account credentials and session tokens aren't properly protected. Attackers who can compromise passwords, keys, session cookies, or other tokens can defeat authentication restrictions and assume other users' identities.

Cross-site scripting flaws: The Web application can be used as a mechanism to transport an attack to a user's browser. A successful attack can disclose the user's session token, attack the local machine, or spoof content to fool the user.

Buffer overflows: Web application components in some languages that don't properly validate input can be crashed and, in some cases, used to take control of a process. These components can include CGI, libraries, drivers, and Web application server components.

Command injection flaws: Web applications pass parameters when they access external systems or the local operating system. If an attacker can embed malicious commands in these parameters, the external system may execute those commands on behalf of the Web application.

Error-handling problems: Error conditions that occur during normal operation aren't handled properly. If an attacker can cause errors that the Web application doesn't handle, he or she can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.

Insecure use of cryptography: Web applications frequently use cryptographic functions to protect information and credentials. These functions and the code to integrate them have proven difficult to code properly, frequently resulting in weak protection.

Remote administration flaws: Many Web applications let administrators access a site using a Web interface. If these administrative functions aren't very carefully protected, an attacker can gain full access to all aspects of a site.

Web and application server misconfiguration: Having a strong server configuration standard is critical to a secure Web application. These servers have many configuration options that affect security and aren't secure out of the box.

The full report is here. Nice job guys. Thank you.

And Just One More

Oh and I'd also kick in one other security glitch that's related to these but not specifically mentioned: Installing Open Source applications on the quick. You know the drill -- you grab some code, install it and then poof! The client is running it and is happy so you kinda ignore it. And you don't realize that the default installation leaves the password in the clear! Think I'm kidding? For example a lot of php applications use .inc for include files as their extension so config.inc is viewable by anyone who knows it exists.

A Chance for Open Source Revenues

Although I have no actual metrics on this I suspect it is quite common. Now this makes me think that a possible revenue opportunity for Open Source authors is something like "Security Check", for $99 or $X (per server), I'll check over your installation and make sure you don't have any holes. Given that a lot of Open Source applications are rolled into hosting / consulting, it would be relatively easy to pass this type of cost onto the ultimate customer.

Apple Cites Open Source Core Security 09/02/2004 12:41 AM
Slashdot Sep 2 2004 4:37AM GMT