On Sep 22, 2008, at 7:10 AM, Rainer Müller wrote: > MacPorts wrote: >> Changed page "howto/MAMP" by [EMAIL PROTECTED] from >> 76.244.68.113* >> Page URL: <http://trac.macports.org/wiki/howto/MAMP> >> Diff URL: <http://trac.macports.org/wiki/howto/MAMP? >> action=diff&version=19> >> Revision 19 >> Comment: revert incorrect change to root password setting >> instructions >> >> -------8<------8<------8<------8<------8<------8<------8<------8<---- >> ---- >> Index: howto/MAMP >> ===================================================================== >> ==== >> --- howto/MAMP (version: 18) >> +++ howto/MAMP (version: 19) >> @@ -110,9 +110,10 @@ >> Set the MySQL `root` password (it's currently empty): >> >> {{{ >> -mysqladmin5 -u root password -p >> -}}} >> -This will ask for a new password for the MySQL `root` user. >> +mysqladmin5 -u root -p password <new-password> >> +}}} >> + >> +where `<new-password>` is your new desired root password. > > I see the old command failed with: > mysqladmin5: Too few arguments to change password > And if I remember correctly it was me who put it there to make the > process more secure.
I remember you making the change, but at the time I didn't think about it further or try the revised instructions. It's been so long since I set up my own MySQL servers that I forgot the specifics. > Seems like I misunderstood how '-p' works. The "-p" refers to the current password. For any MySQL command that needs a username and password, you can either use "-p<current- password>" (no space between "-p" and the current password) to supply your current password on the command line, or just use "-p" with no password, and you'll be prompted to enter your current password. But the mysqladmin program still requires you to provide the new password on the command line. > Typing in passwords directly on the shell prompt is not a good idea > for > security reasons. It will get saved in the shell history and is > visible > to all other users on the same machine in the list of running > processes. I tend to agree, however I consulted "man mysqladmin" and I did not see any alternative to supplying the new password on the command line. It was not listed as an optional parameter. > And the new command is also not absolutely correct. '-p' tells > mysqladmin5 to prompt for the old password (which is empty on initial > installation), so it will easily confuse users as they have to > leave the > "Enter your password" prompt empty. In what way is the command not correct now? I tested it and it works. If I type: mysqladmin5 -u root -p password foo then mysqladmin will prompt me for the current root password, and then set the root password to "foo". I added a clarifying sentence: http://trac.macports.org/wiki/howto/MAMP?action=diff&version=20 > Maybe it would be better to advice something like this (taken from > [1]): > > Terminal 1: > $ mysqld_safe5 --skip-grant-tables > > Terminal 2: > $ mysql5 > mysql> UPDATE mysql.user SET Password=PASSWORD('foo') WHERE > User='root'; > mysql> FLUSH PRIVILEGES; > > Although this way the password still ends up in .mysql_history, but at > least it is not exposed to everyone. > > I think the first method described in [1] using an init-file is most > secure, but is a bit complicated. The official install instructions > [2] > also use something like this method. > > Or we decide that the current instructions are safe enough for home > users (which mostly only have one user on their system), but add a > note > about security and that it should not be used on multi-user systems, > including a link to [2]. > > Rainer > > [1] > http://dev.mysql.com/doc/refman/5.0/en/resetting- > permissions.html#resetting-permissions-unix > [2] http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html It would probably be fine to leave the current instructions, but add a note about why it is insecure, and add a reference to the MySQL documentation for those who need more security. IMHO the MySQL distribution provides the mysqladmin program to do this, so it's reasonable to tell the user to use that. _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
