On 18.08.2010 00:02 CE(S)T, Anders Kaseorg wrote: > This same issue was reported back in 2004 and ignored: > http://bugs.mysql.com/bug.php?id=3138
Oh dear, 2004... > I think this is a serious security problem that demands more attention > than dismissal as documented behavior. To solve it, there needs to be a > way to force the use of SSL from the client side. I have another suggestion: remove SSL support from MySQL alltogether and declare the protocol as unsafe and only use it over secure networks like VPN. Since MySQL is now Oracle and it's not Oracle's main business, regarding recent bad news about Oracle, we can imagine what will happen this time. Exactly! Nothing. (Oh look, the "MySQL" guy already has an oracle.com e-mail address...) -- Yves Goergen "LonelyPixel" <nospam.l...@unclassified.de> Visit my web laboratory at http://beta.unclassified.de -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org