----- Original Message -----
From: "Marc Delisle" <Delislma(a)CollegeSherbrooke.qc.ca>
Robin Johnson wrote:
>Hi Guys,
>
>
>And other nefarious things. I found a few sites where I could access
>
their
>entire database with full rights, even some
where they have configured
>
the
user to
root and I could change the mysql database.
I know at least one distribution of Linux that installs MySQL with user
root and no password.
MySQL ships with this configuration as default to make the first access
easy. But of course this is not meant to be left like this after the server
has been configured.
Let's add a red warning when we detect that
they are using 'config' auth
mode, with a blank password, to try to educate the admin of this system.
I agree.