Hi all,
Since ever, our default configuration has been config, which matches the MySQL defaults. However, we all know it is not really a good option from a security point of view, because it might expose an inexperienced user's MySQL server to the public. I think it's time to change this.
1. Disallow logging in as root without password unless explicitly allowed in our config file.
2. Make cookie the default authentication method.
3. If no Blowfish secret is set, generate one on the fly and store it in the session - it should work for login, but it won't allow recalling the username on the next login; if the user wants this feature, he needs to set the secret in config.
Opinions on making such a change in trunk?
On Wednesday 3 September 2008 11:53, Michal Čihař wrote:
> - Disallow logging in as root without password unless explicitly allowed in our config file.
> - Make cookie the default authentication method.
> - If no Blowfish secret is set, generate one on the fly and store it in the session - it should work for login, but it won't allow recalling the username on the next login; if the user wants this feature, he needs to set the secret in config.
> Opinions on making such a change in trunk?
I'd be in favour. Especially the root-without-password issue seems to pop up from time to time, and I think that the number of users that willingly want to open up access for root+"" is very small. You could add an extra check if REMOTE_ADDR != 127.0.0.1, so localhost,root,"" is still possible as it would be with the mysql command line client, but any truly remote access isn't.
cheers, Thijs
Michal Čihař wrote:
> Hi all,
> Since ever, our default configuration has been config, which matches the MySQL defaults. However, we all know it is not really a good option from a security point of view, because it might expose an inexperienced user's MySQL server to the public. I think it's time to change this.
> - Disallow logging in as root without password unless explicitly allowed in our config file.
OK. You mean allowing this with a new parameter like AllowRootLogin?
> - Make cookie the default authentication method.
See my answer for next one.
> - If no Blowfish secret is set, generate one on the fly and store it in the session - it should work for login, but it won't allow recalling the username on the next login; if the user wants this feature, he needs to set the secret in config.
We are not supposed to store credentials in session, so storing a blowfish secret there is not appropriate, IMO. This is why we have not (yet) chosen 'cookie' as default auth_type.
Maybe choosing 'http' would be better as a default?
> Opinions on making such a change in trunk?
Hi
On Wed, 03 Sep 2008 07:42:32 -0400, Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
> OK. You mean allowing this with a new parameter like AllowRootLogin?
Something like this.
> We are not supposed to store credentials in session, so storing a blowfish secret there is not appropriate, IMO. This is why we have not (yet) chosen 'cookie' as default auth_type.
It will be a temporary credential for the session only; I think it is okay to store it there.
> Maybe choosing 'http' would be better as a default?
I'm in favor of cookie; it is simply more user-friendly.
Michal Čihař wrote:
> Hi
> On Wed, 03 Sep 2008 07:42:32 -0400, Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
>> OK. You mean allowing this with a new parameter like AllowRootLogin?
> Something like this.
Watch for confusion, we already have $cfg['Servers'][$i]['AllowRoot'].
>> We are not supposed to store credentials in session, so storing a blowfish secret there is not appropriate, IMO. This is why we have not (yet) chosen 'cookie' as default auth_type.
> It will be a temporary credential for the session only; I think it is okay to store it there.
>> Maybe choosing 'http' would be better as a default?
> I'm in favor of cookie; it is simply more user-friendly.
Ok then, will you work on this feature?
Marc
Hi
On Wed, 03 Sep 2008 08:47:41 -0400, Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
> Michal Čihař wrote:
>> Hi
>> On Wed, 03 Sep 2008 07:42:32 -0400, Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
>>> OK. You mean allowing this with a new parameter like AllowRootLogin?
>> Something like this.
> Watch for confusion, we already have $cfg['Servers'][$i]['AllowRoot'].
Okay.
>>> We are not supposed to store credentials in session, so storing a blowfish secret there is not appropriate, IMO. This is why we have not (yet) chosen 'cookie' as default auth_type.
>> It will be a temporary credential for the session only; I think it is okay to store it there.
>>> Maybe choosing 'http' would be better as a default?
>> I'm in favor of cookie; it is simply more user-friendly.
> Ok then, will you work on this feature?
Yes.
On Wed, 3 Sep 2008 15:04:04 +0200, Thijs Kinkhorst thijs@debian.org wrote:
> AllowRootWithEmptyPassword ?
I just committed it as AllowNoPasswordRoot, I hope it is okay ;-).
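
The two behaviours debated in this thread (refusing root with an empty password unless the config allows it, and falling back to a per-session Blowfish secret when none is configured), as an added sketch that is not phpMyAdmin's code and not written by anyone in the thread. AllowRoot and AllowNoPasswordRoot are the option names mentioned above; AllowLocalNoPasswordRoot, the session key auto_blowfish_secret and both function names are hypothetical, and the loopback exception follows Thijs's suggestion.

```php
<?php
// Added illustration, not phpMyAdmin source. AllowRoot and AllowNoPasswordRoot
// are the names used in the thread; AllowLocalNoPasswordRoot and the session
// key auto_blowfish_secret are hypothetical names invented for this sketch.

function rootLoginPermitted(string $user, string $password, array $server, string $remoteAddr): bool
{
    if ($user !== 'root') {
        return true;                    // this policy only concerns root
    }
    if (!($server['AllowRoot'] ?? true)) {
        return false;                   // root disabled outright
    }
    if ($password !== '' || ($server['AllowNoPasswordRoot'] ?? false)) {
        return true;                    // has a password, or explicitly allowed
    }
    // Loopback exception from the thread. Behind a reverse proxy on the same
    // host REMOTE_ADDR is the proxy's address, so every client looks local;
    // that is why the exception is opt-in here.
    $loopback = in_array($remoteAddr, ['127.0.0.1', '::1'], true);
    return $loopback && ($server['AllowLocalNoPasswordRoot'] ?? false);
}

function cookieSecret(array $cfg, array &$session): string
{
    if (($cfg['blowfish_secret'] ?? '') !== '') {
        return $cfg['blowfish_secret']; // persistent: username can be recalled
    }
    if (!isset($session['auto_blowfish_secret'])) {
        // Per-session fallback: cookies encrypted with it are unreadable once
        // the session ends, so the username is not recalled on next login.
        $session['auto_blowfish_secret'] = bin2hex(random_bytes(16));
    }
    return $session['auto_blowfish_secret'];
}

// Constructed sample configuration and requests.
$server  = ['AllowRoot' => true, 'AllowNoPasswordRoot' => false, 'AllowLocalNoPasswordRoot' => true];
$session = [];
foreach ([['root', '', '203.0.113.7'], ['root', '', '127.0.0.1'], ['root', 's3cret', '203.0.113.7']] as [$u, $p, $ip]) {
    printf("%-4s pw=%-3s from %-12s => %s\n", $u, $p === '' ? 'no' : 'yes', $ip,
        rootLoginPermitted($u, $p, $server, $ip) ? 'allowed' : 'denied');
}
$first = cookieSecret(['blowfish_secret' => ''], $session);
var_dump($first === cookieSecret(['blowfish_secret' => ''], $session)); // stable within one session
```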