13 Aug
2002
13 Aug
'02
7:56 a.m.
Rabus wrote:
----- Original Message ----- From: "Marc Delisle" Delislma@CollegeSherbrooke.qc.ca
Robin Johnson wrote:
Hi Guys,
And other nefarious things. I found a few sites where I could access
their
entire database with full rights, even some where they have configured
the
user to root and I could change the mysql database.
I know at least one distribution of Linux that installs MySQL with user root and no password.
MySQL ships with this configuration as default to make the first access easy. But of course this is not meant to be left like this after the server has been configured.
Let's add a red warning when we detect that they are using 'config' auth mode, with a blank password, to try to educate the admin of this system.
I agree.
Done!
--
Marc Delisle