Exploiting Architectural Design Flaws
This section covers the following:
- What design flaws exist?
- How are they exploited?
- How to recognize and defend against these attacks.
There have historically been various design flaws in MySQL, mainly affecting the authentication protocol, which were discussed previously in this chapter. This section covers the weak points of MySQL from a more general, architectural point of view.
Flaws in the authentication mechanism that allow remote users to authenticate without credentials are probably the most serious category of architectural flaw.
In broader philosophical terms, the largest weak point of MySQL is its relative simplicity, though in many ways this simplicity can also be considered a strength. As an example, an extremely useful feature of Microsoft SQL Server is the ability to execute queries on remote database servers — for example, you might send a query to server MS that looks something like this:
select * from openrowset( ...; MySQLHost, root, password; 'select * from mysql.user' ... )
The OpenRowset statement in SQL Server allows you to issue a query to another server — running a different DBMS — in the middle of your SQL Server query. Obviously this is open to abuse. One of the most popular abuses is to use this functionality as a means of portscanning the network that the SQL Server is in, since it will take different lengths of time to respond depending on whether the remote host is present, is a SQL Server, or is absent altogether. ...
Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.