Webinar “Bau sicherer LAMP Anwendungen”

August 21st, 2008 | by Stefan Esser

Last week I gave my first webinar for MySQL, titled “Bau sicherer LAMP Anwendungen”. The webinar, which was a cooperation between MySQL and my company SektionEins, was held in German and covered SQL malware, SQL injection, safe programming and some tools to detect and block SQL injection attacks.

The recording of this webinar is now available on the MySQL site.

For those who only want to see my slides, they are available on the MySQL site after registration or here.

Because it was a German webinar, the recording and slides are in German, too.

  1. 10 Responses to “Webinar “Bau sicherer LAMP Anwendungen””

  2. By AntonioCS on Aug 21, 2008

    You could have made an English version of the slides. I am not American nor British, but at least I understand English as I bet a lot of other people that read your blog.
    German is complicated :P

  3. By Stefan Esser on Aug 21, 2008

    Yeah, I know that German is a problem for many parts of the world, but I also have German readers that want to have the slides.

    The problem with slides is that even if you translate them there is always the possibility that a slide is misunderstood.

    Unlike other people I always try to put enough information on a slide so that it is possible to understand the content without the talk, but that sometimes just fails.

    However, IIRC, all the other talks I give this year will be in English. Therefore, English slides will be available.

  4. By hoffie on Aug 21, 2008

    Sadly there really does not seem to be any way to watch this on Linux…
    I found http://www.thesraid.com/index.php/2008/03/10/webex-player-on-linux/ (well, Jan from MySQL pointed me to it), but sadly it neither shows video nor plays sound for me, so… rather useless.

  5. By Stefan Sels on Aug 22, 2008

    You say that MySQL lacks eval() and exec() on page 15.

    I have a quite recent case with malware written into /var/lib/mysql/public_html

    Is there a way to write stuff to that directory via PHP SQL statements?

  6. By Stefan Esser on Aug 22, 2008

    When you do not disable file support or the FILE privilege, you can use something like


    to write to files on the server

    See http://dev.mysql.com/doc/refman/5.0/en/select.html

  7. By Stefan Sels on Aug 22, 2008

    Time to check some permissions… What userid would such a file have: mysql or www-data?

  8. By Stefan Esser on Aug 22, 2008

    The files are written by MySQL, so they will have MySQL as owner.
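
The permission check discussed in the comments above, as an added example that is not part of the original post or its comments: an audit of which MySQL accounts hold the FILE privilege, followed by revoking it from an application account. The account name `'webapp'@'localhost'` is a hypothetical placeholder, and the `secure_file_priv` check assumes a server version that supports that variable.

```sql
-- Added example; 'webapp'@'localhost' is a hypothetical account name.

-- 1. List every account that holds the global FILE privilege.
--    Web application accounts normally have no need for it.
SELECT User, Host
FROM mysql.user
WHERE File_priv = 'Y'
ORDER BY User, Host;

-- 2. Review everything the application account is granted.
SHOW GRANTS FOR 'webapp'@'localhost';

-- 3. Remove FILE from accounts that do not need it. FILE is a global
--    privilege, so it is revoked ON *.*; REVOKE takes effect without
--    a separate FLUSH PRIVILEGES.
REVOKE FILE ON *.* FROM 'webapp'@'localhost';

-- 4. Check whether the server confines file import/export to a single
--    directory. An empty value means no restriction. The variable is
--    set at server startup (for example in the [mysqld] section of the
--    option file), not at runtime.
SHOW VARIABLES LIKE 'secure_file_priv';

-- 5. Re-run the audit; the application account should no longer appear.
SELECT User, Host
FROM mysql.user
WHERE File_priv = 'Y'
ORDER BY User, Host;
```

Because files written through the server are owned by the MySQL server's operating system account, checking that this account has no write access to the web root is a complementary control.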
