binaryone

Martin2006 the problem with writing temporary fixes to a problem caused by brinkster changing NO_BACKSLASH_ESCAPES is that when they up date to the latest version of mysql ( which they inevitably will), your data will be corrupt and then you will have to write another piece of code to go back and correct that. This might seem ok if you are the only one affected but when there are hundreds if not thousands who are affected the service provider should upgrade to the version of mysql that does not have the vulnerability.

Brinkster should have never changed NO_BACKSLASH_ESCAPES they should have dropped every thing and started an immediate upgrade of all servers. After all they are a SERVICE provider and they should provide a service, otherwise why pay them.

My other problem with brinkster is the way that they went about the whole problem, they changed the NO_BACKSLASH_ESCAPES with out any notification, how hard would it have been to send every one an email stating what they were doing and why. I know that I alone spent 3 days trying figure out what had gone wrong, my time is precious and I object to them wasting my time when an eamil would have helped.

I have another question ( rectorial )

If the vulnerability opens brinkster up to the possibility of attack, how many possible attacks are we talking? If the number is as I suspect (in the short term) very low to none, then don’t make changes to the configuration file which will brake every ones sites, say nothing, and start to upgrade to the latest version of mysql. If I am wrong and there is a high risk of attack, then instead of braking every ones site they should have start to upgrade to the latest version of mysql immediately. Either way the answer was never to take the slack way and hope no one notices. They should fix the problems not create them.

I am having a simular problem with brinkster

I can’t save any thing with a an apostrophe in it. eg the name O’Neall. I have had 4 discussion with support today. In the first discussion I asked

Don’t you find this a bit ridiculous what about words like Can’t, Where’s, She’ll, We’d, Didn’t, They’d, I’ve, You’ve, Who’s, He’s, Let’s, We’re, That’s. None of those can ever be entered into a database again?

There response was

You can easily create a script to replace the characters when entered into and read from the database.

This only made me more determined to get an answer. So after an argument about which version of MySql is running on the server where my site is I got this response.

We are preparing to update all the servers to the latest version. We hope to update all by the end of next week. I cannot say with any certainty that the upgrade will fix any problems. I believe it will solve the security problem recently discovered.

I am going to give them a bit of time to fix the problem but if they don’t I will be following it up and I will post what I think we all should do at that time.