On Mon, Dec 16, 2013 at 04:09:25PM +0100, Salvatore Bonaccorso wrote:
[...]
> allow anonymous access, without a password, from localhost to
> the "test" database and any databases starting with "test_" that
> users might have created after installing mysql-server.
[..]
> MySQL documentation recommends dropping these permissions and
> the "test" database.
> http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html ,
> section "Securing Test Databases".
> 
> mysql-server-5.1 in squeeze didn't set up these permissions and
> didn't create the test database, the Debian patches
> 33_scripts__mysql_create_system_tables__no_test.dpatch and
> 41_scripts__mysql_install_db.sh__no_test.dpatch removed the code
> from /usr/bin/mysql_install_db and /usr/share/mysql/mysql_system_tables.sql .
> 
> Please re-add these patches to mysql-server-5.5 and include some code
> in the pre/postinst script to remove these permissions and the
> "test" database on current installations.

I don't think we should do that.

What if people *do* have a real-world test db on some test system? A
DROP DATABASE would then simply be dataloss.
(Never underestimate "weird" paths/names (learned that myself the hard way
once).)

One could argue about the permission thing, but then again, if it's some
test-system with a test database....

Regards,

Rene
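
As an added example (not part of the message above or of the Debian packaging): SQL to audit the grants under discussion and remove only the privilege rows, leaving any existing "test" data in place. It assumes the MySQL 5.5 grant-table layout and an administrative session.

```sql
-- Added example; assumes MySQL 5.5 grant tables (mysql.db, mysql.user)
-- and default SQL mode. Run as an administrative account.

-- 1. Privilege rows that give the anonymous user ('') access to "test"
--    and to the "test_" prefix. LIKE 'test%' is deliberately broad so
--    the stored pattern row is listed as well as the plain "test" row.
SELECT Host, Db, User,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv
FROM mysql.db
WHERE User = ''
  AND Db LIKE 'test%';

-- 2. Schemas that actually exist and are covered by those rows, with
--    their table counts, so real data is visible before anything changes.
--    ESCAPE '|' makes the underscore literal instead of a wildcard.
SELECT s.SCHEMA_NAME,
       COUNT(t.TABLE_NAME) AS tables_present
FROM information_schema.SCHEMATA AS s
LEFT JOIN information_schema.TABLES AS t
       ON t.TABLE_SCHEMA = s.SCHEMA_NAME
WHERE s.SCHEMA_NAME = 'test'
   OR s.SCHEMA_NAME LIKE 'test|_%' ESCAPE '|'
GROUP BY s.SCHEMA_NAME;

-- 3. Anonymous accounts that those rows apply to.
SELECT Host, User
FROM mysql.user
WHERE User = '';

-- 4. After reviewing 1-3: remove only the anonymous privilege rows.
--    No DROP DATABASE is issued, so existing schemas and their tables
--    stay in place; access then requires an explicit GRANT.
DELETE FROM mysql.db
WHERE User = ''
  AND Db LIKE 'test%';

FLUSH PRIVILEGES;
```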

