List: General Discussion
From: Ryan Dewhurst
Date: December 29 2011 5:42pm
Subject: Re: mysql_secure_installation

Hi Shawn,

I would assume that MySQL is installed mostly on production servers
rather than in classroom environments.

Wouldn't it make more sense for MySQL to be secure by default rather
than insecure by default?

It would make more sense to me if there was a
'mysql_insecure_installation' script that did the opposite and the
steps done by 'mysql_secure_installation' were implemented by default.

I suspect many developers are not even aware of
mysql_secure_installation or the steps that it takes and the vast
majority do not run it or do the steps at all.

In my opinion, additional steps shouldn't be taken to make MySQL more
secure, instead additional steps should be taken to make it insecure
if that is what is needed in certain environments.

Thank you for the reply.

Ryan

On Tue, Dec 27, 2011 at 4:08 PM, Shawn Green (MySQL)
<shawn.l.green@stripped> wrote:
> Hello Ryan,
>
>
> On 12/18/2011 15:36, Ryan Dewhurst wrote:
>>
>> Hi,
>> Does anyone know why what's done in 'mysql_secure_installation' [0]
>> is not part of the default mysql installation?
>> [0] http://dev.mysql.com/doc/refman/5.0/en/mysql-secure-installation.html
>> Thank you, Ryan Dewhurst
>> P.S. I also asked this question on the
>> forums: http://forums.mysql.com/read.php?30,506069,506069#msg-506069
>>
>
> The script simply automates the steps documented in our manual, here:
> http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
>
> If you want to see the script in action:
> * repeat a fresh install
> * enable the General Query Log
> * run the script.
>
> The General Query Log stores a copy of every command sent to a MySQL server
> before the server even parses it. It's there as a diagnostic tool and should
> not be enabled on a production machine unless there is a specific need to do
> so.
>
> The steps of 'mysql_secure_installation' are not performed by default
> because many people want to just get to know MySQL before putting it into
> full production. This is most easily performed (especially in a classroom
> setting) with an unsecured installation. Also the steps to secure the
> installation can be leveraged as an excellent teaching tool for:
>
> a) How MySQL accounts are authenticated
> b) Where the account information is stored
> c) The different levels of authentication supported by MySQL.
>
> For those who don't want to read or learn, or for those who simply want to
> automate their installation, there is the script.
>
> --
> Shawn Green
> MySQL Principal Technical Support Engineer
> Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
> Office: Blountville, TN
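
As an added example (not part of the original messages and not MySQL's own code), the sketch below audits rows from the `mysql.user` and `mysql.db` grant tables for the defaults that `mysql_secure_installation` cleans up: empty passwords, anonymous accounts, remote root logins and the grants on the `test` database. The sample rows, host names and the function name are constructed for illustration; the column names follow the MySQL 5.0 grant tables that the thread's manual links refer to.

```python
# Constructed sample rows, shaped like the results of
#   SELECT User, Host, Password FROM mysql.user;
#   SELECT Db, User, Host FROM mysql.db;
# on a fresh, unsecured install (assumed layout: MySQL 5.0 grant tables).
SAMPLE_USERS = [
    {"User": "root", "Host": "localhost", "Password": ""},
    {"User": "root", "Host": "db01.example.test", "Password": ""},
    {"User": "", "Host": "localhost", "Password": ""},
    {"User": "app", "Host": "10.0.0.%", "Password": "*CONSTRUCTED_HASH_PLACEHOLDER"},
]
SAMPLE_DB_GRANTS = [
    {"Db": "test", "User": "", "Host": "%"},
    {"Db": "test\\_%", "User": "", "Host": "%"},
    {"Db": "shop", "User": "app", "Host": "10.0.0.%"},
]

# Hosts from which a root login still counts as local.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_default_privileges(users, db_grants):
    """Return sorted (finding, target) tuples for insecure install defaults."""
    findings = []
    for row in users:
        account = "'%s'@'%s'" % (row["User"], row["Host"])
        if row["User"] == "":
            # Anonymous account: any client-supplied user name matches it.
            findings.append(("anonymous-account", account))
        elif row["Password"] == "":
            # Named account that can log in without a password.
            findings.append(("empty-password", account))
        if row["User"] == "root" and row["Host"].lower() not in LOCAL_HOSTS:
            # root reachable from somewhere other than the server itself.
            findings.append(("remote-root", account))
    for row in db_grants:
        # Default grants open `test` and every `test_*` database to everyone.
        if row["Db"] == "test" or row["Db"].startswith("test\\_"):
            findings.append(("test-db-grant", row["Db"]))
    return sorted(set(findings))


if __name__ == "__main__":
    for finding, target in audit_default_privileges(SAMPLE_USERS, SAMPLE_DB_GRANTS):
        print("%-18s %s" % (finding, target))
```

An empty result means none of these defaults remain. On newer MySQL releases the credential is stored in `authentication_string` rather than `Password`, so the input query has to be adapted.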