MySQL and the SQL Injection fiasco

Embarrassing it is indeed when one (particularly one at the top of their trade) gets caught not doing what they should have been doing by setting an example.

The knowledge of existence of SQL Injection  is so common that it goes without saying that sites have to guard themselves against these types of attacks. So when MySQL.com gets hit with SQL Injection (and successfully at that), you begin to wonder; where do we go and bang our heads now. Well, at least that’s how folks at MySQL might be feeling right now. See, even now if you google “mysql sql injection“, you get links on what SQL injection is, how it is used to exploit database weaknesses and how to prevent it. So isn’t it ironic, don’t you think when MySQL.com itself is the victim?

Continue reading MySQL and the SQL Injection fiasco

Database Mail vs. McAfee VirusScan Enterprise

Lately I had been working on an assignment sending emails using SQL Server’s Database Mail. The only issue that I was having was that mails weren’t being sent out despite me double and triple checking the email profile, the SMTP settings and all the rest. This went on until it was time for lunch, when a colleague suggested the anti-virus program that we use. We use McAfee VirusScan Enterprise, and that was exactly what was giving me the problem. Apparently VirusScan prevents mass mailing worms from sending mail.

SQL Server Database Mail a mass mailing worm? Well looks like you can turn it into one!

 

Just uncheck the ‘Block’ for preventing mass mailing worms from sending mail under the Anti-virus Standard Protection category, and all shall work well.