Error appears in the embedded database

A security expert has just warned that some problems in the embedded database, such as SleepyCat's company (recently belonging to Oracle) are likely to be exploited to get important information.

Ted Julian, deputy market manager of Application Security in New York, said: " Embedded databases are often appreciated but they still have weaknesses. Bad guys can get information about Configuration data stored in the router or customer data in a certain software ".

According to US research company Ovum, SleepyCat's BerkeleyDB database has been deployed more than 200 million times from network routers, mobile phones to business applications and on many popular websites. For example, Alcatel's routers are equipped with BerkeleyDB and Amazon uses BerkeleyDB in many important parts of the website. Google also uses BerkeleyDB to handle Gmail and user accounts. Information on these sites may be restricted if the administrator forgets to change the default ID and password.

Oracle and SleepyCat declined to comment. And Ben Chelf, technical director of Coverity security firm in San Francisco, said BerkeleyDB is one of the best software they have ever analyzed.

According to Julian, no case of data loss from embedded database errors has been detected, partly because they are small and difficult to detect problems. "But who knows what will happen," Julian said.

TN