Anyone who has full write privileges on the server can do just about
anything they want. No database password system is going to do much
good in that case.
All clear now! It is not the app (MySQL etc..) alone but the whole
environment (OS, users, rights etc...) that count also. Many people
(including myself until now) believe that because MySQL is a secure dbserver
they protected at any environment.
Thank you all
Vassilis
----- Original Message -----
From: "Ed Leafe" <[EMAIL PROTECTED]>
To: "ProFox Email List" <[email protected]>
Sent: Tuesday, September 05, 2006 4:45 PM
Subject: Re: [NF] Open Source Rookie + Database Servers
On Sep 5, 2006, at 9:16 AM, Vassilis Aggelakos wrote:
You're assuming that the password is stored in either an unencrypted
form
Definetely No. If you are a MySQL developer that knows what function
does the checking and returns .T. if we have a valid pwd then you can
easily modify the routine to return *always* .T.
Is it difficult?
Wait a second: you're assuming that you have complete write privileges on
the server, and can modify the software? Well, then sure, of course you
can do that. You can reformat the disk, too, while you're at it.
Anyone who has full write privileges on the server can do just about
anything they want. No database password system is going to do much good
in that case.
-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com
[excessive quoting removed by server]
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
