If someone can copy your database files, you're hosed. All the attacker need do is start the server with --skip-grant-tables, and he can can connect to it with no password, and has complete access to any files managed by the server.
Paul & Curley,
And of course if they have physical access to the machine they can remove your hard drive and put them into their own machine as a slave. Hot swapable drives makes removal fast and easy; you don't even need a screwdriver. So if your data is worth something, make sure there are good locks on the door and check everyone's bag on the way out.<g>
If you think this can't happen, a mega bookstore opened up in town and they had their file sever/database sever sitting beside a desk in the common area. I guess they were in a hurry to set it up and get the terminals up and running. Well a few days later the system went down and in a few minutes the techie went over to check it out. Well, their tower computer had disappeared. Apparently someone had disconnected (or cut the cables) it and snuck it out the door under a trench coat. It took less than 60 seconds and their data was gone, customer lists, vendor info, and credit card data now belonged to someone else. I don't know what database they were using, but once your hard drives are gone or copied or backed up, your data is vulnerable unless you're using encryption that is independent of the OS.
Mike
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
