At 11:02 -0600 3/24/03, Jeremy Tinley wrote:
Authorized != trusted.

If you're a hosting provider who allows access to MySQL for customers, your
users have access to see the version number by way of simply connecting to
their own database. Not that "mysql --version" from a shell doesn't give you
the same thing...

In fact, it may not give you the same thing. There is no guarantee that any client program comes from the same distribution as the server.

but paying for a low end account, finding the version
number the host is running and finding an exploit for that version would
probably be what the original poster had in mind of preventing.



-----Original Message-----
From: Joseph Bueno [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 10:39 AM
To: Florian Effenberger
Cc: [EMAIL PROTECTED]
Subject: Re: disabling version number

Florian Effenberger wrote:
No, why?


Part of my security concept, I generally disable all version numbers.


You can patch mysql source and recompile ;)

However, if someone has enough access rights on your system to run
"select version();", showing mysql version number should be the least
important of your problems.

Regards,
Joseph Bueno


--
Paul DuBois
http://www.kitebird.com/

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]


