> From: Ari Novikoff [mailto:[EMAIL PROTECTED]]
> AFAIK, the root MySQL password -is- relatively safe... but it
> still wouldn't hurt to create a dummy user with basic permissions
> to use for MySQL applications.

The MySQL root password is probably about as safe as you're ever likely to see-- it's 76 at least semi-random characters (don't know if it's generated using a crypto-grade PRNG, but it's a lot more random than English text in any case), which is assuredly more secure than any password you or I would think up off the tops of our collective heads.

The problem comes with using that password too freely--it's possible (especially if the app in question has a security flaw) that the DB password for an app could be compromised. If that password happens to be your root password, the attacker now has the ability to do anything he likes to any of your databases. If it's the password of a user created just for that app, however, he can only hose that app's database.

This is why I wrote my "How to change the MySQL root password" HOWTO at http://www.familybrown.org/howtos/mysql-password-howto.html (which is really a how-not-to, and which was meant seriously, in spite of being posted on April 1).

--
Dan Brown, KE6MKS, [EMAIL PROTECTED]
"Since all the world is but a story, it were well for thee to buy the more enduring story rather than the story that is less enduring."
  -- The Judgment of St. Colum Cille
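
The per-application account described in the message above, as an added example that is not part of the original post. It assumes current MySQL syntax (5.7 or later); the database name `webapp_db`, the account `'webapp'@'localhost'` and the password placeholder are hypothetical.

```sql
-- Added example: one database and one account per application.
-- Names and the password placeholder are hypothetical.
CREATE DATABASE IF NOT EXISTS webapp_db;

-- Local-only account; the application's config file carries these
-- credentials instead of the root password.
CREATE USER 'webapp'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Data privileges on this one database only: no global (*.*) grant,
-- no GRANT OPTION, no FILE or SUPER. If the application's credentials
-- leak, the damage stops at webapp_db.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON webapp_db.*
    TO 'webapp'@'localhost';

-- Confirm the account holds nothing beyond the grant above.
SHOW GRANTS FOR 'webapp'@'localhost';

-- Audit: list accounts with server-wide administrative privileges.
-- Application accounts should not appear in this result.
SELECT user, host
  FROM mysql.user
 WHERE Super_priv = 'Y'
    OR Grant_priv = 'Y'
    OR File_priv  = 'Y';
```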