Database Complexity is a Security Problem

At about the same time Oracle is releasing its quarterly patch, Sun is announcing MySQL 5.1, a major upgrade that brings more standard relational DBMS functionality to the open source platform. Is Oracle at risk of adding so many features that its flagship product is moving past the database sweet spot to become an oversized monolith that will be replaced in some places with a minimalist alternative like MySQL 5.1?

Sun is adding standard relational features, like partitioning, event scheduling, row-based replication and disk-based clustering. And they are getting their house in order, according to a quote in ComputerWorld:

“One thing we’re really most proud of is, frankly, we fixed a lot of outstanding bugs in 5.0,” said Urlocker, who was executive vice president of products at MySQL AB before it was bought by Sun.

Sun is focusing on fundamentals, like performance, scalability and reliability. That is what we want from a database. Oracle has mastered the fundamentals and is now moving on, and that brings a new set of challenges.

Oracle’s April 2008 critical patch update affects core components, like audit, authentication, and net services, but also features with a more limited user base, like advanced queuing, ultrasearch, and spatial. These features are certainly valuable to some, but to other users, extra components mean more potentially vulnerable code that can be exploited. More Oracle customers will begin to ask for lighter-weight alternatives, sometimes to control cost and sometimes to ease database administration burdens. A welcome side effect may be fewer vulnerabilities relative to the feature set used.
