At 16:53 -0700 9/24/02, Tom Emerson wrote:
>Being new to MySQL, it took a while to grok how "security" works. Now that
>I have a bit of a better understanding, a mental "revelation" is coming to
>the surface of my mind: since "mysql" users are NOT unix/windows-domain
>"users", is the "root" user truly needed for a functional mysql environment?
>
>I do realize that there needs to be "some" user who essentially has all the
>grantable columns set to "Y" in the USER table, otherwise you could lose the
>ability to add or delete users, specify new databases, etc. I'm thinking
>this "super user" could (should?) be identified by something such as "dba"
>or "admin" -- anything other than the name of "root". This would avoid the
>[probable] security hole of using the "unix" password as the "mysql"
>password for the "root" user (something I suspect many people have done
>without realizing the implications) simply because there would be no "root"
>user.

The user name in the superuser accounts doesn't have to be named "root".
It could just as well be "powerless".

>
>I'm kind of guessing that one reason that the name "root" was chosen was
>because the command-line interface defaults the user name to your (unix)
>session name. By pre-building a "root" user, the authors avoided the need
>to "teach" the use of the "-u" switch during the initial setup of mySql
>(which is good and bad: good because it is "one less thing" for a new mysql
>admin to have to learn, bad because new admins haven't even been introduced
>to the security system, so they are likely to use their actual "root"
>password because they haven't yet been informed that mysql-users <>
>unix-users...)
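
The replacement discussed in this thread (a superuser account that is not named "root"), as an added example that is not part of the original messages. It assumes MySQL 5.7 or later and a session with full privileges; the account name 'dba'@'localhost' and the password are placeholders.

```sql
-- Added example. 'dba'@'localhost' and the password below are placeholders.

-- 1. List every account named "root" and flag any without a password.
SELECT User, Host, plugin, account_locked,
       COALESCE(authentication_string, '') = '' AS empty_password
FROM mysql.user
WHERE User = 'root';

-- 2. Create the replacement superuser BEFORE touching root, so a mistake
--    cannot leave the server without an administrative account.
CREATE USER 'dba'@'localhost'
  IDENTIFIED BY '<password-not-used-for-any-unix-account>';
GRANT ALL PRIVILEGES ON *.* TO 'dba'@'localhost' WITH GRANT OPTION;
SHOW GRANTS FOR 'dba'@'localhost';

-- 3. Stored objects defined as root@localhost are orphaned once that
--    account is gone. List them so their DEFINER can be changed first.
SELECT 'routine' AS kind, ROUTINE_SCHEMA AS db, ROUTINE_NAME AS name
FROM information_schema.ROUTINES WHERE DEFINER = 'root@localhost'
UNION ALL
SELECT 'view', TABLE_SCHEMA, TABLE_NAME
FROM information_schema.VIEWS WHERE DEFINER = 'root@localhost'
UNION ALL
SELECT 'trigger', TRIGGER_SCHEMA, TRIGGER_NAME
FROM information_schema.TRIGGERS WHERE DEFINER = 'root@localhost'
UNION ALL
SELECT 'event', EVENT_SCHEMA, EVENT_NAME
FROM information_schema.EVENTS WHERE DEFINER = 'root@localhost';

-- 4. Only after logging in as the new account and confirming it works,
--    remove the root accounts (repeat for each Host returned by step 1).
DROP USER 'root'@'localhost';

-- 5. Confirm that no account named "root" remains.
SELECT COUNT(*) AS remaining_root_accounts
FROM mysql.user
WHERE User = 'root';
```

Clients and scripts that rely on the default user name then need an explicit `-u dba`.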