Security through obscurity?
If none of your MySQL (or samba) servers are open to untrusted
networks, why do you need to hide this information.
Sent from my iPad
On Jan 10, 2012, at 6:35 AM, Reindl Harald <h.reindl@stripped> wrote:
> Am 10.01.2012 13:29, schrieb Johan De Meersman:
>> ----- Original Message -----
>>> From: "Reindl Harald" <h.reindl@stripped>
>>> sure? what's the binary between version and "mysql_native_password"?
>> No idea, I never bothered to look at the raw protocol :-)
> me too :-)
>>> mysql 5.5 would be enough i guess, but how to create a patch for
>>> rpmbuild which must not be permanently changed for every mysql update
>> I wouldn't think that bit of the code changes a lot between versions
> i will look
>> really. Still, do you really think exposing that is such a risk?
>> Do you have servers exposed to the net?
> currently i am scanning all servers from a OpenVAS-Appliance and
> my primary target is get away all information disclosures
> samba is the next in the list blwoing out even build-number *grr*
> all or nothing :-)