Authorized != trusted. If you're a hosting provider who allows access to MySQL for customers, your users have access to see the version number by way of simply connecting to their own database. Not that "mysql --version" from a shell doesn't give you the same thing... but paying for a low end account, finding the version number the host is running and finding an exploit for that version would probably be what the original poster had in mind of preventing.
-----Original Message----- From: Joseph Bueno [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2003 10:39 AM To: Florian Effenberger Cc: [EMAIL PROTECTED] Subject: Re: disabling version number Florian Effenberger wrote: >>No, why? > > > Part of my security concept, I generally disable all version numbers. > > You can patch mysql source and recompile ;) However, if someone has enough access rights on your system to run "select version();", showing mysql version number should be the least important of your problems. Regards, Joseph Bueno -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
