Also note that they could use this to do a brute-force search for the
root user's password. E.g., mysql -p -u root -h hishost (or the
equivalent in a c, perl, etc. program).
Date: 10 Apr 2001 16:57:41 -0700
From: Rusty Wright <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: only 1 entry per user in user table?
If you mean use % for the host in the user table, that has the
negative consequence that they can connect to the mysql server from
any machine on the internet; e.g. they can do
mysql -p -u dentry -h hishost
Since they're not specifying a databse they can get this basic
connection to the server. If they were to somehow know the user name
(for example, a disgruntled former employee) they could use this to do
a brute-force password search.
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
