Organic Growth

By Lisa Vaas  |  Posted 2005-02-01

However, the fact that we're talking about an open-source database gives a sneaky twist to what should be a simple issue of password policy-setting or vulnerability scanning. As pointed out to me in a recent conversation with AppSec's Ted Julian, vice president of marketing, open-source software such as MySQL has the potential to get into an enterprise casually, since it's free and can be readily downloaded. Many MySQL instances tend to be local, organic ones. As such, IT departments have little to no awareness they exist, Julian said.
"There could be shops that are very well hardened on the SQL Server front that could have been surprised just because of the database they targeted," Julian said.
Not that every MySQL downloader is oblivious to the need for strong passwords. Jason Bailey, a network engineer and Web developer who works at a small-town newspaper in Utah, uses MySQL to house data that powers the paper's Web site—a typical use for MySQL. Bailey's employer uses a Windows 2003 server running MySQL, but it's a slave server, used as backup, as opposed to being always active. Bailey hasn't had issues with MySQL on Windows security, but he uses the database almost exclusively for Web applications. Over 80 percent of connections to the MySQL daemon are from the local host, he told me.

When it comes to organic adoption of MySQL within networks, a small outfit such as Bailey's newspaper employer doesn't have much of an issue, but he and other users I've spoken with can certainly see the potential. "I can easily see that being the case in some of the large networks in our area (ISPs, college networks, etc.), who are barely opening up to the idea of open-source database technology," he wrote in an e-mail exchange. "Large networks, at least in our area, are slower to embrace open-source databases. The lack of high licensing and usage fees is alluring, but many are afraid the open-source equivalents won't hold up or aren't robust enough."

Thus, because they're too timid to open the front door to open-source databases, enterprises find databases slip in through the back door. Because of casual download, it's very likely that there are more inexperienced MySQL users than users of expensive, heavily IT-regulated commercial databases.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
