469,625 Members | 1,106 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,625 developers. It's quick & easy.

Resetting the root Password

Having a browse through Paul Dubois's book, MySQL (ISBN 0-7357-1212-3), I
came across a section in which he describes how to reset the root password:

1. Shutdown the server by issuing a KILL under Unix or stopping the system
service under Windows.

2. Restart the server with the --skip-grant-tables option which allows you
to connect with no password and all privileges.

3. Reset the root password.

Given that the person first has to have operating system root or
administrator access to shutdown the server, wouldn't this qualify as a
security hole in cases where the OS root doesn't own the database, for
example, on shared machines.

Is it really this simple?

Speck.
Jul 19 '05 #1
1 1833
Speck wrote:
Given that the person first has to have operating system root or
administrator access to shutdown the server, wouldn't this qualify as a
security hole in cases where the OS root doesn't own the database, for
example, on shared machines.

Is it really this simple?


Em.. root can do _anything_ on the server with or without permission
from software. If the root doesn't own the database and the user wishes
him not to access it, then the user should place the database somewhere
else.

Root can even change your shell password, isn't that a security hole also?

Jul 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Speck | last post: by
reply views Thread by Thomas | last post: by
1 post views Thread by Adam Smith | last post: by
4 posts views Thread by Bob | last post: by
1 post views Thread by mattsql22 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.