l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2004 Mar 15 10:16

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] mysql: printing all users and databases
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] mysql: printing all users and databases



On Mon, Mar 15, 2004 at 09:03:01AM -0800, Peter Jay Salzman wrote:
> 
> i'll give it a try.  i have to say, i'm a little disheartened with
> mysql.  i just want it to "work" and be secure.

Perhaps you can decide if MySQL is going to work for you or be secure
enough after reading the documentation.

> from reading the docs, it _appears_ (although it doesn't say
> explicitly) that not only does each username have a password, each
> user has a password for each hostname.  so 'root'@'localhost' may have
> a different password than 'root'@'someotherhost'.  that's just too
> bizarre for my mind.

The ability to have per host passwords for a user provides one more
layer of security.  If security is a concern, you should consider
denying root access from all hosts except the localhost.  In the "user"
table, the Host column can be specified as "%", indicating all hosts,
thus allowing a single password for a user, regardless of the host.

> it also looks like a database name of "mysql" may refer to the
> collection of all databases, but i haven't verified that yet.

The purpose of database "mysql" is for access privileges.  I suggest you
start reading about this first.  The access privilege system is actually
very flexible.

> plus having anonymous users... really, anonymous.  as in, so anonymous
> that they don't even have a username, is a really strange concept.  even
> anonymous ftp users have a username of "anonymous".

That is why most people delete the row with the empty "User" column from
table "user", or they should anyway.

-David
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.