At 13:35 -0500 3/24/03, Adam Nelson wrote:
I would be wary of disabling version(). That's the kind of annoying
thing that sys admins do when they don't understand the life of a
developer. Some programs and modules require the version() function to
work. Security to that extreme is only useful if you understand that it
may cause more downtime than a breakin. If that is understood and the
time/money spent is worth it, then that is fine.
I can only see this kind of security necessary for medical or classified
information.
I agree that it's a bad idea to disable VERSION(). There are many features
that are version-specific, and an application can tell whether or not
they are available by checking the version number.
-----Original Message-----
From: Joseph Bueno [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 11:39 AM
To: Florian Effenberger
Cc: [EMAIL PROTECTED]
Subject: Re: disabling version number
Florian Effenberger wrote:
>>No, why?
>
>
> Part of my security concept, I generally disable all
version numbers.
>
>
You can patch mysql source and recompile ;)
However, if someone has enough access rights on your system to run
"select version();", showing mysql version number should be the least
important of your problems.
Regards,
> Joseph Bueno
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
