Hi Shawn,

I would assume that MySQL is installed mostly on production servers
rather than in classroom environments.

Wouldn't it make more sense for MySQL to be secure by default rather
than insecure by default?

It would make more sense to me if there was a
'mysql_insecure_installation' script that did the opposite and the
steps done by 'mysql_secure_installation' were implemented by default.

I suspect many developers are not even aware of
mysql_secure_installation or the steps that it takes and the vast
majority do not run it or do the steps at all.

In my opinion, additional steps shouldn't be taken to make MySQL more
secure, instead additional steps should be taken to make it insecure
if that is what is needed in certain environments.

Thank you for the reply.

Ryan

On Tue, Dec 27, 2011 at 4:08 PM, Shawn Green (MySQL)
<shawn.l.gr...@oracle.com> wrote:
> Hello Ryan,
>
>
> On 12/18/2011 15:36, Ryan Dewhurst wrote:
>>
>> Hi,
>> Does anyone know why what's done in 'mysql_secure_installation' [0]
>> is not part of the default mysql installation?
>> [0] http://dev.mysql.com/doc/refman/5.0/en/mysql-secure-installation.html
>> Thank you, Ryan Dewhurst
>> P.S. I also asked this question on the
>> forums: http://forums.mysql.com/read.php?30,506069,506069#msg-506069
>>
>
> The script simply automates the steps documented in our manual, here:
> http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
>
> If you want to see the script in action:
> * repeat a fresh install
> * enable the General Query Log
> * run the script.
>
> The General Query Log stores a copy of every command sent to a MySQL server
> before the server even parses it. It's there as a diagnostic tool and should
> not be enabled on a production machine unless there is a specific need to do
> so.
>
> The steps of 'mysql_secure_installation' are not performed by default
> because many people want to just get to know MySQL before putting it into
> full production. This is most easily performed (especially in a classroom
> setting) with an unsecured installation. Also the steps to secure the
> installation can be leveraged as an excellent teaching tool for:
>
> a) How MySQL accounts are authenticated
> b) Where the account information is stored
> c) The different levels of authentication supported by MySQL.
>
> For those who don't want to read or learn, or for those who simply want to
> automate their installation, there is the script.
>
> --
> Shawn Green
> MySQL Principal Technical Support Engineer
> Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
> Office: Blountville, TN

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql
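
An added example, not part of the original thread or of the MySQL scripts: a read-only audit of the default-privilege conditions that the manual page linked above documents and that 'mysql_secure_installation' cleans up. It assumes the MySQL 5.0-era grant tables (mysql.user with a Password column, mysql.db for database-level grants) and an account allowed to read the mysql schema.

```sql
-- Added example: read-only checks against the grant tables.
-- Assumption: MySQL 5.0-era layout, where the password hash is stored in
-- mysql.user.Password. Later releases (5.7+) keep it in
-- authentication_string, so query 1 needs adjusting there.

-- 1. Accounts that can log in without any password.
--    A fresh, unsecured install normally lists the root accounts here.
SELECT User, Host
FROM mysql.user
WHERE Password = '';

-- 2. Anonymous accounts: an empty User value matches any login name.
SELECT Host
FROM mysql.user
WHERE User = '';

-- 3. root accounts that are reachable from somewhere other than the
--    local machine.
SELECT User, Host
FROM mysql.user
WHERE User = 'root'
  AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 4. Database-level grants covering the test database and any database
--    whose name starts with "test". Rows with an empty User apply to
--    every account, including anonymous ones.
SELECT Host, Db, User
FROM mysql.db
WHERE Db LIKE 'test%';

-- 5. Whether the test database itself still exists.
SHOW DATABASES LIKE 'test';
```

On a server where the securing steps have been applied, queries 1 to 4 return no rows for the default accounts and query 5 returns an empty set.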
