Tom Lane wrote:
Steve Atkins <[EMAIL PROTECTED]> writes:
On Jun 23, 2007, at 11:03 AM, Magnus Hagander wrote:
Out of curiosity, how do other databases deal with this?
MySQL installs with an empty root password for access from
localhost or the machines own IP address. It also installs an
account with network access to any database beginning with
"test" and possibly some more ill-defined accounts with local
access.
FWIW, on mysql 5.0.42 I see only "[EMAIL PROTECTED]" and "[EMAIL PROTECTED]"
in a fresh-out-of-the-box installation; not sure where you got these
other accounts, maybe a distro-specific modification?
But the bottom line is that mysql's out-of-the-box behavior is
*exactly* like our trust-for-local-connections behavior. Anyone
on the box can do "mysql -u root ..." and the server will accept
them as being superuser (they don't even have to know to enter an
empty password, in my experience).
This is all documented. For 5.1.x see:
http://dev.mysql.com/doc/refman/5.1/en/default-privileges.html
Perhaps we should add a section to our docs on securing the database.
cheers
andredw
---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at
http://www.postgresql.org/about/donate
