Michal Čihař a écrit :
Hi all
since ever, our default configuration is config which matches MySQL defaults. However we all know it is not really a good option from security point of view, because it might expose MySQL server from inexperienced user to public. I think it's time to change this.
- Disallow logging in as root without password unless explicitly
allowed in our config file.
OK. You mean allowing this with a new parameter like AllowRootLogin?
- Make cookie the default authentication method.
See my answer for next one.
- If no Blowfish secret is set, generate one on the fly and store it
in the session - it should work for login, but it won't allow to recall username on next login, but if user wants this feature, he needs to set the secret in config.
We are not supposed to store credentials in session, so storing a blowfish secret there is not appropriate, IMO. This is why we have not (yet) chosen 'cookie' as default auth_type.
Maybe choosing 'http' would be better as a default?
Opinions to make such change in trunk?