On Jan 9, 2012, at 7:27 PM, Reindl Harald wrote: > Nessus/OpenVAS Test detects the exact server version > _____________________________________ > > NVT: MySQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100152) > Overview: MySQL, a open source database system is running at this host. > MySQL Version '5.5.19-log' was detected on the remote host. > _____________________________________ > > is there any way to not disclosure the mysqld-version for > a anonymous connected client?
For the case you give below, no authentication has yet taken place, so you don't know whether the client is anonymous or not. But the version is needed for proper client-server negotiation to take place, I believe. Even if that were not true, any client, anonymous or not, can use SELECT @@version or SELECT VERSION() to get the version. > > [harry@srv-rhsoft:~]$ telnet localhost 3306 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > N > 5.5.19-logs+%b?QYO]g��ke8'Xg~e\}!(mysql_native_password > > > > -- Paul DuBois Oracle Corporation / MySQL Documentation Team Madison, Wisconsin, USA www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql
