Hi!
On Nov 27, DeBug wrote:
> >>>- Someone copies the DB files to another box, starts a mysql
> >>>instance, loads the DB and presto - views the 'private' data !!!
> >>>
>
> PD> Sure. That's why you establish filesystem level access privileges so that
> PD> only the mysql user can copy them in the first place.
>
> Some DBMSs allow to setup databases on a separate partition with its
> own filesystem that will have nothing in common with OS filesystem.
> OS is unable to read DBMS filesystem data.
> So getting root on OS does not give the hacker access to the DBMS file
> system and only DBMS users can access it.
No, getting root gives access to each and every byte on the hard drive.
He can read the partition where the data are. And if he is prepared, he
can interpret them, of course (we are not talikng about script kiddies
here, do we ?).
Or, he can patch the in-memory image of the running db process and
access the data through it.
Regards,
Sergei
--
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Senior Software Developer
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/ www.mysql.com
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
