[Phpmyadmin-devel] Re: MAJOR security hole

Rabus rabus at bugfixes.info
Mon Aug 12 08:07:03 CEST 2002


----- Original Message -----
From: "Marc Delisle" <Delislma at CollegeSherbrooke.qc.ca>
> Robin Johnson wrote:
>
> > Hi Guys,
> >
> >
> > And other nefarious things. I found a few sites where I could access their
> > entire database with full rights, even some where they have configured the
> > user to root and I could change the mysql database.
>
>
> I know at least one distribution of Linux that installs MySQL with user
> root and no password.

MySQL ships with this configuration as default to make the first access
easy. But of course this is not meant to be left like this after the server
has been configured.

> Let's add a red warning when we detect that they are using 'config' auth
> mode, with a blank password, to try to educate the admin of this system.

I agree.

Alexander





