From: Reindl Harald Date: January 10 2012 12:34pm Subject: Re: hide server-version at connect? List-Archive: http://lists.mysql.com/mysql/226582 Message-Id: <4F0C3044.2080607@thelounge.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig76D2F1DAC39F26182F608783" --------------enig76D2F1DAC39F26182F608783 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 10.01.2012 13:29, schrieb Johan De Meersman: > ----- Original Message ----- >> From: "Reindl Harald" >> >> sure? what's the binary between version and "mysql_native_password"? >=20 > No idea, I never bothered to look at the raw protocol :-) me too :-) >> mysql 5.5 would be enough i guess, but how to create a patch for >> rpmbuild which must not be permanently changed for every mysql update >=20 > I wouldn't think that bit of the code changes a lot between versions i will look > really. Still, do you really think exposing that is such a risk?=20 > Do you have servers exposed to the net? currently i am scanning all servers from a OpenVAS-Appliance and my primary target is get away all information disclosures samba is the next in the list blwoing out even build-number *grr* all or nothing :-) --------------enig76D2F1DAC39F26182F608783 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8MMEQACgkQhmBjz394AnnvKwCgjoM4FXkd2MkWpV60S1L6K7ma HJMAniRi4SYLrGIE5T9s/XlzUbIek1Pw =6OCF -----END PGP SIGNATURE----- --------------enig76D2F1DAC39F26182F608783--