I want to know which database is more secure: mysql or pgSQL.
我想知道哪个数据库更安全:mysql或pgSQL。
Which ones support stored procedures?
哪些支持存储过程?
What are the advantages of one over the other?
一个优于另一个的优点是什么?
5 个解决方案
#1
Neither is "more secure". The database software is only as secure as you make it. If your application is poorly written, neither one will be secure, and vice-versa.
两者都不“更安全”。数据库软件只有你做的安全。如果您的应用程序编写得不好,那么任何一个都不会安全,反之亦然。
Both databases support stored procedures. (MySQL, PostgreSQL)
两个数据库都支持存储过程(MySQL,PostgreSQL)
As for pros and cons of each, see this question.
至于每个人的利弊,请看这个问题。
#2
PostgreSQL supports some more security features than mysql, for example integration with GSSAPI or Kerberos for logins (last I checked, mysql didn't have these).
PostgreSQL支持比mysql更多的安全功能,例如与GSSAPI或Kerberos集成进行登录(最后我检查过,mysql没有这些)。
Traditionally, PostgreSQL has had fewer security issues than MySQL, but they are both doing very well on that.
传统上,PostgreSQL的安全问题比MySQL少,但他们在这方面做得很好。
In the end, your security is much more likely to depend on how you use the database, and not which database you use.
最后,您的安全性更可能取决于您使用数据库的方式,而不是您使用的数据库。
Both have Stored Procedures these days, but PostgreSQL has much more flexible so far (for example, support for stored procedures in perl, python, tcl, R etc)
这两天都有存储过程,但到目前为止PostgreSQL更灵活(例如,支持perl,python,tcl,R等存储过程)
#3
Security is an aspect of your application code and deployment scenario.
安全性是应用程序代码和部署方案的一个方面。
Even the "securest DB of the world" will fail to protect you when you:
即使是“世界上最安全的数据库”也无法在以下情况下保护您:
- Store user passwords in the DB in clear text
- Use a root account with password "root"
- Allow remote connections to the DB (although it's only user, your application, connects from localhost)
以明文形式将用户密码存储在数据库中
使用密码为“root”的root帐户
允许远程连接到数据库(虽然它只是用户,您的应用程序,从localhost连接)
etc
#4
No there is no security difference. Which database you choose will not impact the security of your application, it really depends whether it's built correctly or not.
没有安全性差异。您选择哪个数据库不会影响应用程序的安全性,这取决于它是否正确构建。
Your database servers won't be on a public network anyway, will they? If so, it doesn't really matter - only people who can get into your VPN can access them.
无论如何,您的数据库服务器不会在公共网络上,是吗?如果是这样,那并不重要 - 只有能够进入VPN的人才能访问它们。
The passwords for the database are normally held in the clear in files on your application servers. This is not a security risk if done correctly.
数据库的密码通常保存在应用程序服务器上的clear文件中。如果正确完成,这不是安全风险。
#5
Stored Procedure in MySQL
MySQL中的存储过程
And as far as security is concerned, well it is mostly in your hands than in MySQL or Postgres.
就安全性而言,它主要掌握在MySQL或Postgres中。
#1
Neither is "more secure". The database software is only as secure as you make it. If your application is poorly written, neither one will be secure, and vice-versa.
两者都不“更安全”。数据库软件只有你做的安全。如果您的应用程序编写得不好,那么任何一个都不会安全,反之亦然。
Both databases support stored procedures. (MySQL, PostgreSQL)
两个数据库都支持存储过程(MySQL,PostgreSQL)
As for pros and cons of each, see this question.
至于每个人的利弊,请看这个问题。
#2
PostgreSQL supports some more security features than mysql, for example integration with GSSAPI or Kerberos for logins (last I checked, mysql didn't have these).
PostgreSQL支持比mysql更多的安全功能,例如与GSSAPI或Kerberos集成进行登录(最后我检查过,mysql没有这些)。
Traditionally, PostgreSQL has had fewer security issues than MySQL, but they are both doing very well on that.
传统上,PostgreSQL的安全问题比MySQL少,但他们在这方面做得很好。
In the end, your security is much more likely to depend on how you use the database, and not which database you use.
最后,您的安全性更可能取决于您使用数据库的方式,而不是您使用的数据库。
Both have Stored Procedures these days, but PostgreSQL has much more flexible so far (for example, support for stored procedures in perl, python, tcl, R etc)
这两天都有存储过程,但到目前为止PostgreSQL更灵活(例如,支持perl,python,tcl,R等存储过程)
#3
Security is an aspect of your application code and deployment scenario.
安全性是应用程序代码和部署方案的一个方面。
Even the "securest DB of the world" will fail to protect you when you:
即使是“世界上最安全的数据库”也无法在以下情况下保护您:
- Store user passwords in the DB in clear text
- Use a root account with password "root"
- Allow remote connections to the DB (although it's only user, your application, connects from localhost)
以明文形式将用户密码存储在数据库中
使用密码为“root”的root帐户
允许远程连接到数据库(虽然它只是用户,您的应用程序,从localhost连接)
etc
#4
No there is no security difference. Which database you choose will not impact the security of your application, it really depends whether it's built correctly or not.
没有安全性差异。您选择哪个数据库不会影响应用程序的安全性,这取决于它是否正确构建。
Your database servers won't be on a public network anyway, will they? If so, it doesn't really matter - only people who can get into your VPN can access them.
无论如何,您的数据库服务器不会在公共网络上,是吗?如果是这样,那并不重要 - 只有能够进入VPN的人才能访问它们。
The passwords for the database are normally held in the clear in files on your application servers. This is not a security risk if done correctly.
数据库的密码通常保存在应用程序服务器上的clear文件中。如果正确完成,这不是安全风险。
#5
Stored Procedure in MySQL
MySQL中的存储过程
And as far as security is concerned, well it is mostly in your hands than in MySQL or Postgres.
就安全性而言,它主要掌握在MySQL或Postgres中。