default installation and security question

[Nicole Lallande]

Greetings,

I have been working with a software provider whose software db 
configuration uses the default mysql installation (ie, root, no 
password).  They contend that since the mysql server itself is not 
shared (ie, installed on a vps for a single user) that there is no need 
to add a password.  Are they correct?  All the documentation I have 
every read recommends at the very least immediately adding a password. 
Please advise.

Best regards,

Nicole



-
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/   (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: default installation and security question

[Paul DuBois]

At 7:53 -0800 3/3/03, Nicole Lallande wrote:
Greetings,

I have been working with a software provider whose software db 
configuration uses the default mysql installation (ie, root, no 
password).  They contend that since the mysql server itself is not 
shared (ie, installed on a vps for a single user) that there is no 
need to add a password.  Are they correct?  All the documentation I 
have every read recommends at the very least immediately adding a 
password. Please advise.
No.  They're incorrect.

Running as root is an invitation for trouble.
Running without a password is an invitation for trouble.
Best regards,

Nicole


-
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/   (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php