2008-11-17

"IT-Grundschutzhandbuch" against MySQL

The so-called IT-Grundschutzhandbuch of the German Federal Office for Information Security (BSI) comes out openly against MySQL:

Zum Schutz der Datenbankintegrität muss die Datenbank-Software über ein vollständiges Transaktionssystem verfügen, welches dem ACID-Prinzip genügt.

(In order to assure data integrity, the database software must feature a full-blown transaction system which adheres to the ACID principle.)

As is widely known, MySQL's transaction system, which was introduced only in version 4.0, does not satisfy the ACID criteria. Since the BSI also offers the BSI Grundschutzzertifizierung, which follows the guidelines laid out in the IT-Grundschutzhandbuch, this means that in order to obtain this certification, one cannot use MySQL — at least not as a database system.

As a side note, a number of German contract partners as well as numerous government agencies require their suppliers to have a BSI Grundschutzzertifizierung.

As a rather funny side note: according to a recent analysis by Alvar Freude, it is very likely that the new E-Petition site of the German parliament will fail not only the tests outlined in its own requirement specifications as well as accessibility guidelines, but also the IT-Grundschutz certification itself.

