
PHP/MySQL interface: still so old

  • Written by Damien Seguy
  • Friday, 12 January 2007

From the phpinfo() statistics gathered in November 2006, we could extract figures on the MySQL versions being used with PHP.
The evolution of the MySQL libraries has two steps: the server must upgrade, and the libraries too. This way, they will take advantage of the new identification mechanism, which is much safer than the old one.

But sometimes the SQL server or the application does not evolve, and the whole architecture is compelled to use the old identification mechanism, which is less safe.
Here are the figures:



This graph shows the percentage of PHP installations that still use an old MySQL library.

PHP 3.0 and 4.0 all have an old library, which is both historical and normal.
Then the percentage gets lower and lower, which is a good sign.
PHP 5.2, however, shows a resurgence of old versions.




This is the distribution of the libmysql versions being used with PHP. In November 2006, a narrow majority was still relying on the old versions. It is highly recommended to upgrade MySQL and use recent versions.

This article is linked to David Coallier, who blogged about the release of a cracking PoC for MySQL that uses the old identification mechanism.

Password Hashing as of MySQL 4.1

The above figures measure the usage of libmysql 4.0 and older, when compiled with PHP. A PHP installation using MySQL 4.1 or better, but connecting to a 3.23 server, will be just as weak, though it won't be detected by those stats.
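
An audit helper for the caveat above, added here as an example (not the author's code or the tooling behind these statistics): it reads the client library version from `php -i` style text and classifies a PHP-to-MySQL link, including a recent client talking to an old server. It goes slightly beyond the article by also checking the stored hash length (16 characters before 4.1, 41 as of 4.1, per the MySQL manual); the function names, sample text and version strings are assumptions constructed for illustration.

```python
import re

# Threshold from the article: libmysql 4.0 and older count as "old".
NEW_AUTH_MIN = (4, 1)

# Constructed sample of `php -i` text output (not from the article's data set).
SAMPLE_PHPINFO = """\
mysql

MySQL Support => enabled
Client API version => 3.23.49
"""

def parse_version(text):
    """Return (major, minor) from strings such as '3.23.49' or '5.0.27-log'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def client_version_from_phpinfo(phpinfo_text):
    """Extract the first MySQL 'Client API version' value, or None if absent."""
    m = re.search(r"^Client API version\s*=>\s*(\S+)", phpinfo_text, re.MULTILINE)
    return m.group(1) if m else None

def assess(client, server, stored_hash=None):
    """Classify one PHP-to-MySQL link as ('old' | 'new', reason)."""
    if parse_version(client) < NEW_AUTH_MIN:
        return "old", "client library predates 4.1"
    if parse_version(server) < NEW_AUTH_MIN:
        # The case the article warns about: client-side stats cannot see it.
        return "old", "server predates 4.1"
    if stored_hash is not None and len(stored_hash) == 16:
        # Pre-4.1 hashes are 16 hex characters; 4.1 hashes are 41 and start with '*'.
        return "old", "account still stores a pre-4.1 hash"
    return "new", "4.1-style hashing on client, server and account"

if __name__ == "__main__":
    client = client_version_from_phpinfo(SAMPLE_PHPINFO)
    for server in ("3.23.58-log", "5.0.27"):
        print(client, server, assess(client, server))
    print("5.0.27", "3.23.58-log", assess("5.0.27", "3.23.58-log"))
```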