Locked Down by Default

If it were up to some DBAs (database administrators), the seatbelts would lock tight as soon as a driver sat down. "I call [MySQL] a virus because the default installation makes no attempt to force the installing user to change the default passwords," said one senior Oracle DBA who requested anonymity. "All of the commercial databases do, and the other open-source database—my favorite, PostgreSQL—by default locks itself down hard. Do I blame MySQL for this? Yes. They could have the install process force a password change—anything is better than the defaults—and they could by default lock down access, like PostgreSQL does." Click here to read about Ingrian software that encrypts PeopleSoft application data. Urlocker said the question of disabling root accounts by default in the upcoming Version 5.0 is "an ongoing discussion." "[With] the install program, and other things were looking at, well be very proactive," he said. "We take [security] pretty seriously. Theres been a lot of discussion among developers of the balancing act between being easy to use and not letting anything become a potential problem for users." Indeed, MySQLs security seriousness was underscored by recent good news: The five Stanford University researchers at source-code analysis firm Coverity Inc. who analyzed the security of the Linux kernel over a period of four years are planning to release an analysis of the security and quality of MySQL code this month. They found the database to have an "excellent" bug density. For that story, click here. Check out eWEEK.coms for the latest database news, reviews and analysis.