back to article Perl devs solve ancient Riddle: 'What's a vuln we caught from Oracle?'

The Perl 5 database interface maintainers have issued an important patch for DBD—MySQL: in some configurations it wasn't enforcing encryption. As CVE-2017-10789 explains: “The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a 'your …

  1. sitta_europea Silver badge

    Does this affect MariaDB users too?

    1. Peter Rathlev

      Yes, MariaDB has the same weakness.

      https://mariadb.org/information-on-the-ssl-connection-vulnerability-of-mysql-and-mariadb-2/

    2. Frumious Bandersnatch

      Should do, because the DBD "middleware" (which is where the bug lies) talks to both mariadb and mysql using the same API.

  2. Anonymous Coward
    Anonymous Coward

    I remember perl...

    Not with any fondness, mind.

    1. Down not across

      Re: I remember perl...

      Each to their own. Personally, I'll take perl over for example python any day. Mostly because it is what I am comfortable with. Obviously if a particular language is more suitable for a specific task I am quite prepared to re-evaluate choice of language.

      TIMTOWTDI

    2. Anonymous Coward
      Anonymous Coward

      Re: I remember perl...

      I remember *my* perl with fondness.

      I remember *other people's* perl with the puzzled expression of someone looking at modem line noise.

      I think this may be a truism for all Perl users.

      Still, none of this whitespace-is-important nonsense though. <Takes cover>

      1. Ramazan

        Re: I remember *other people's* perl with the puzzled expression

        s/perl/code/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like