At 16:53 -0700 9/24/02, Tom Emerson wrote:
Being new to MySQL, it took a while to grok how security works. Now that
I have a bit of a better understanding, a mental revalation is coming to
the surface of my mind: since mysql users are NOT unix/windows-domain
users, is the root user truly needed for a functional mysql environment?
I do realize that there needs to be some user who essentially has all the
grantable columns set to Y in the USER table, otherwise you could lose the
ability to add or delete users, specify new databases, etc. I'm thinking
this super user could (should?) be identified by something such as dba
or admin -- anything other than the name of root. This would avoid the
[probable] security hole of using the unix password as the mysql
password for the root user (something I suspect many people have done
without realizing the implications) simply because there would be no root
user.
The user name in the superuser accounts doesn't have to be named root.
It could just as well be powerless.
I'm kind of guessing that one reason that the name root was chosen was
because the command-line interface defaults the user name to your (unix)
session name. By pre-building a root user, the authors avoided the need
to teach the use of the -u switch during the initial setup of mySql
(which is good and bad: good because it is one less thing for a new mysql
admin to have to learn, bad because new admins haven't even been introduced
to the security system, so they are likely to use their actual root
password because they haven't yet been informed that mysql-users
unix-users...)
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
