Hello Simon.
On Fri, Jun 15, 2001 at 05:08:18PM -0400, [EMAIL PROTECTED] wrote:
> Could not find a bug report form. So I am telling y'all...
>
> Platform: FreeBSD 4.3 (I do not think it matters)
>
> After creating a new database, I ran:
>
> update user set password = 'SomeJunk' where user = 'root';
>
> This inserts the string 'SomeJunk' literally into the database,
> unencrypted. This is SQL expected but the result is a database
> lockout (not to mention the security breach of having the clear
> password stored in a file).
As you say yourself, this is expected behaviour. Only because a
certain statement could be used in a false way, MySQL should not break
the SQL standard. Btw, which behaviour would you suggest?
> I got the smart idea to assign a root password like this from the
> Bugzilla-Guide.txt file that comes with Bugzilla.
Tips for resetting the root password can be found here:
http://www.mysql.com/doc/R/e/Resetting_permissions.html
but I assume you already did that, because you are quoting the user
table below.
>
> If there is a better way to assign passwords, please let me know.
With "setting password" in the search form of the mysql online manual
I found as second suggestion: "6.15 Setting Up Passwords":
http://www.mysql.com/doc/P/a/Passwords.html
> mysql> select host, user, password from user;
> +-----------+---------+------------------+
> | host      | user    | password         |
> +-----------+---------+------------------+
> | localhost | root    | 7d30d6e5796d165e |
> | nomis     | root    | 7d30d6e5796d165e |
I would strongly suggest refraining from posting passwords publicly
(encrypted or not), except if you are using test passwords which you
will change soon again.
> | localhost |         |                  |
> | nomis     |         |                  |
> | localhost | ShimonR | 7d30d6e5796d165e |
> +-----------+---------+------------------+
> 5 rows in set (0.00 sec)
>
> Does this mean that any user from localhost or from nomis can connect?
Yes.
Bye,
Benjamin.
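
The following is an added example, not part of either message in this thread: the statement from the original post next to a hashed form, plus an audit query for the empty-password and anonymous rows discussed above. It assumes the grant-table layout of the MySQL releases of that period (a `mysql.user` table with a `password` column and the `PASSWORD()` function, both removed in later MySQL releases); `ExamplePassw0rd` is a placeholder.

```sql
-- Added example. Assumes MySQL 3.23/4.x-style grant tables:
-- mysql.user with host, user and password columns.
USE mysql;

-- As run in the original post: the literal string is stored as-is.
-- The post reports that this ends in a lockout, with the cleartext on disk.
-- UPDATE user SET password = 'SomeJunk' WHERE user = 'root';

-- Hashed form: PASSWORD() stores the hash instead of the cleartext.
-- FLUSH PRIVILEGES is required because the grant table was edited directly.
UPDATE user SET password = PASSWORD('ExamplePassw0rd') WHERE user = 'root';
FLUSH PRIVILEGES;

-- Same result through the account-management statement, one host entry at a
-- time; the server reloads the grant tables itself.
SET PASSWORD FOR root@localhost = PASSWORD('ExamplePassw0rd');

-- Audit: rows that allow a login without a password, and rows whose
-- password column is not in the 16-hex-digit form shown in the table above
-- (for example a literal string written by a plain UPDATE).
SELECT host,
       user,
       IF(user = '', 'anonymous', 'named') AS account_type,
       IF(password = '', 'no password', 'not a hash') AS finding
FROM user
WHERE password = ''
   OR password NOT REGEXP '^[0-9a-f]{16}$';

-- Remove the anonymous entries (empty user name) if they are not needed.
DELETE FROM user WHERE user = '';
FLUSH PRIVILEGES;
```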