Like pretty much all software, it quite possibly has security flaws.
A big bonus though, is that it binds port 3306 by default so you don't need
to run it as root. Create a completely seperate user and group for it and
run it under that uid/gid. Ensure none of your root system scripts interact
with files that mysql can create. Make sure you understand the way it
handles login permissions using the 'mysql' database - documented in the
online manual at http://www.mysql.com. Make your mysql login permissions as
strict as possible. The built-in permission system allows for very
fine-grained permission configuration, so take advantage of it.
Don't run it as root.
jason
> Hi,
>
> I am not familiar with the current state of MySQL
> security. I know there were serious problems with
> previous versions, but that was a year ago.
>
> I am planning to install a program that use MySQL as
> backend on our external server. There are other
> important database server running on the server too.
> Does anyone know how secure the MySQL is? My program
> is using MySQL3.22. Are there advisories out on MySQL?
>
> Thanks.
>
> =====
> Abby
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
