I want to know which database is more secure: MySQL or pgSQL.

Which ones support stored procedures?

What are the advantages of one over the other?

+4  A: 

Neither is "more secure". The database software is only as secure as you make it. If your application is poorly written, neither one will be secure, and vice-versa.

Both databases support stored procedures. (MySQL, PostgreSQL)

As for pros and cons of each, see this question.

musicfreak
A default PostgreSQL is easier to exploit than a default MySQL because PostgreSQL allows for query stacking.
Rook
@The Rook: You shouldn't use the default configuration of any database in a production environment. But either way, it would be *your* code that makes the database less secure, not the database itself.
musicfreak
@musicfreak Security is about planning on failure. That's why passwords are hashed, so that they cannot be used until they are broken. MySQL is more secure than PostgreSQL.
Rook
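The disagreement in the comments above, as an added example that is not code from any poster: Python's standard-library `sqlite3` stands in for a database driver, with `executescript()` playing a call that accepts stacked statements and `execute()` one that refuses them. The table, function names and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT PRIMARY KEY, role TEXT);
        INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user');
    """)
    return db

# Constructed input: ends the string literal, then stacks a second statement.
STACKED = "bob'; DELETE FROM users; --"

def rows_left(db):
    return db.execute("SELECT count(*) FROM users").fetchone()[0]

def lookup_concat_stacking(db, name):
    """Concatenated SQL sent through a call that runs every statement in the string."""
    db.executescript("SELECT role FROM users WHERE name = '" + name + "';")
    return rows_left(db)

def lookup_concat_single(db, name):
    """Same concatenation, but execute() accepts one statement only.
    The stacked input is refused; the query is still injectable within one statement."""
    try:
        rows = db.execute("SELECT role FROM users WHERE name = '" + name + "'")
        return [r[0] for r in rows]
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return "rejected"

def lookup_bound(db, name):
    """Bound parameter: the value is compared as data and never parsed as SQL."""
    row = db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("bound, normal input :", lookup_bound(db, "bob"))
    print("bound, stacked input:", lookup_bound(db, STACKED), "| rows:", rows_left(db))
    print("single-statement API:", lookup_concat_single(db, STACKED), "| rows:", rows_left(db))
    print("stacking API        : rows left =", lookup_concat_stacking(db, STACKED))
```

The single-statement call only limits what a concatenated query can do; the bound-parameter version is the one that behaves the same on either kind of driver.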
+1  A: 

Security is an aspect of your application code and deployment scenario.

Even the "securest DB of the world" will fail to protect you when you:

  • Store user passwords in the DB in clear text
  • Use a root account with password "root"
  • Allow remote connections to the DB (although its only user, your application, connects from localhost)

etc

cherouvim
A: 

No, there is no security difference. Which database you choose will not impact the security of your application; it really depends on whether it's built correctly or not.

Your database servers won't be on a public network anyway, will they? If so, it doesn't really matter - only people who can get into your VPN can access them.

The passwords for the database are normally held in the clear in files on your application servers. This is not a security risk if done correctly.

MarkR
A: 

Stored Procedure in PostgreSQL

Technofreak
A: 

Stored Procedure in MySQL

And as far as security is concerned, well, it is more in your hands than in MySQL's or Postgres's.

Technofreak
+3  A: 

PostgreSQL supports some more security features than MySQL, for example integration with GSSAPI or Kerberos for logins (last I checked, MySQL didn't have these).

Traditionally, PostgreSQL has had fewer security issues than MySQL, but they are both doing very well on that.

In the end, your security is much more likely to depend on how you use the database, and not which database you use.

Both have stored procedures these days, but PostgreSQL's are much more flexible so far (for example, support for stored procedures in Perl, Python, Tcl, R etc.)

Magnus Hagander