Second, the core of Linux is "as good as MySQL," Hallem said, but the Linux project is "just a lot larger." "Linux has a lot of drivers out there that not many people use," Hallem said. "Does that really impact the kernel as a whole? No, not at all." In comparison, MySQL AB has managed to keep its code base small, he said.
The problem, however, is moot, since all defects have been addressed by MySQL AB in short order. "We gave them the results about two weeks ago," Hallem said. "They had them all addressed in two days. It was a very fast turnaround."
Zack Urlocker, vice president of marketing at MySQL, said the company was happy to find out about the flaws, and that fixes for all affected platforms and versions are now in place, even if the so-called problems are actually impossible to exploit. "Some [defects] are theoretical and some are platform-specific," he said. "They look for things that [could potentially happen, such as] calling functions not checking return value, [such things] where it may be theoretically impossible for it to cause problems, but we'll fix it anyway."
Hallem said that, according to one developer, one of the MySQL flaws could be exploited by a sequence of SQL statements.