From: Martin Gainty Date: May 24 2010 8:42pm Subject: RE: Security issues List-Archive: http://lists.mysql.com/mysql/221692 Message-Id: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="_5149cb2e-bb97-4d45-be39-a82cf0a90fc3_" --_5149cb2e-bb97-4d45-be39-a82cf0a90fc3_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Good Afternoon Rob- =20 if you're implementing either glassfish or weblogic webserver=20 your "best fit solution" would be Oracle Identity Manager =20 there are 'other' identity solutions such as RSA which are=20 1)far more complex .. 2)virtually hackproof.. at random intervals RSA implements an alternate encryption algorithm with a= n alternate keysize RSA issues smart cards which contain sufficient biometric information to au= thenticate you (and pass the authentication token to the OS) does this help? Martin Gainty=20 ______________________________________________=20 Verzicht und Vertraulichkeitanmerkung/Note de d=E9ni et de confidentialit= =E9 =20 Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaeng= er sein=2C so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiter= leitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient l= ediglich dem Austausch von Informationen und entfaltet keine rechtliche Bin= dungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen w= ir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut =EAtre privil=E9gi=E9. Si vous n'=EAtes= pas le destinataire pr=E9vu=2C nous te demandons avec bont=E9 que pour sat= isfaire informez l'exp=E9diteur. N'importe quelle diffusion non autoris=E9e= ou la copie de ceci est interdite. Ce message sert =E0 l'information seule= ment et n'aura pas n'importe quel effet l=E9galement obligatoire. =C9tant d= onn=E9 que les email peuvent facilement =EAtre sujets =E0 la manipulation= =2C nous ne pouvons accepter aucune responsabilit=E9 pour le contenu fourni= . =20 > From: wultsch@stripped > Date: Mon=2C 24 May 2010 13:27:52 -0700 > Subject: Re: Security issues > To: jerry@stripped > CC: mgainty@stripped=3B mysql@stripped >=20 > On Mon=2C May 24=2C 2010 at 12:07 PM=2C Jerry Schwartz = wrote: > >>-----Original Message----- > >>From: Rob Wultsch [mailto:wultsch@stripped] > >>Sent: Saturday=2C May 22=2C 2010 11:52 AM > >>To: Martin Gainty > >>Cc: mysql@stripped > >>Subject: Re: Security issues > >> > >>On Sat=2C May 22=2C 2010 at 5:44 AM=2C Martin Gainty wrote: > >>> Good Morning Rob- > >>> > >>> one vulnerability (with UDFs) > >>> http://dev.mysql.com/tech-resources/articles/security_alert.html > >>> > >>> a manager considering a enterprise-wide security solution may want > >>> to consider Oracle Identity Manager (with Glassfish 3.2) > >>> http://under-linux.org/en/content/oracle-introduces-schedule-for-glas= sfish- > >>556/ > >>> > >>> Does this help? > >>> Martin Gainty > >> > >>Martin=2C > >> > >>Thank you for the reply. > >> > >>The guys across the street have a single page with cliff notes about > >>every vulnerability effecting every supported version*. The page I > >>noted was comprehensive. Martin=2C what you listed was a page with an > >>single vuln and a page which looks like a product. > >> > > [JS] This is always a tough call for a software developer. On the one h= and=2C > > announcing an unfixed problem alerts users=3B but at the same time=2C i= t also > > alerts abusers. Some companies go one way=2C some go the other. > > > > Regards=2C > > > > Jerry Schwartz > > Global Information Incorporated > > 195 Farmington Ave. > > Farmington=2C CT 06032 > > > > 860.674.8796 / FAX: 860.674.8341 >=20 >=20 > I explicitly do not want a list of unfixed problems. I want a list of > fixed issues and what versions are effected. >=20 > --=20 > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dmgainty@stripped >=20 =20 _________________________________________________________________ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with H= otmail.=20 http://www.windowslive.com/campaign/thenewbusy?tile=3Dmulticalendar&ocid=3D= PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5= --_5149cb2e-bb97-4d45-be39-a82cf0a90fc3_--