[Phpmyadmin-devel] Re: MAJOR security hole
Marc Delisle
Delislma at CollegeSherbrooke.qc.ca
Tue Aug 13 05:56:04 CEST 2002
Rabus wrote:
> ----- Original Message -----
> From: "Marc Delisle" <Delislma at CollegeSherbrooke.qc.ca>
>
>>Robin Johnson wrote:
>>
>>
>>>Hi Guys,
>>>
>>>
>>>And other nefarious things. I found a few sites where I could access
>>>
> their
>
>>>entire database with full rights, even some where they have configured
>>>
> the
>
>>>user to root and I could change the mysql database.
>>>
>>
>>I know at least one distribution of Linux that installs MySQL with user
>>root and no password.
>>
>
> MySQL ships with this configuration as default to make the first access
> easy. But of course this is not meant to be left like this after the server
> has been configured.
>
>
>>Let's add a red warning when we detect that they are using 'config' auth
>>mode, with a blank password, to try to educate the admin of this system.
>>
>
> I agree.
>
Done!
--
Marc Delisle
More information about the Developers
mailing list