On Wed, Feb 18, 2009 at 4:59 PM, Arthur Pemberton <pemboa@xxxxxxxxx> wrote: > On Wed, Feb 18, 2009 at 6:22 PM, Aldo Foot <lunixer@xxxxxxxxx> wrote: >> On Tue, Feb 17, 2009 at 10:32 PM, Arthur Pemberton <pemboa@xxxxxxxxx> wrote: >>> I have yet to see what is so special about MySQL that makes having it >>> such a big issue. >> >> If anything at all: default accounts must be deleted or secured with passwords. > > Ok, bare with me awhile, but ... why? Or are you securing against > users who turn off their firewall? > > Because with a firewall up, an attacker would need to already have > access to the machine... in which case having passwords on MySQL is > useless. > > Installing mysql-server does not open your firewall. So you're suggesting that because you have a firewall it's ok to have accounts without passwords? My sense of system security is very different from your own... so maybe it's ok with you. BTW - the accounts I was referring to are those created by mysql, which are different from the system accounts. And yes, I know how installs and firewall relate. ~af -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
