List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:January 10 2012 7:52pm
Subject:Re: hide server-version at connect?
View as plain text  
On Jan 9, 2012, at 7:27 PM, Reindl Harald wrote:

> Nessus/OpenVAS Test detects the exact server version
> _____________________________________
> 
> NVT: MySQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
> Overview: MySQL, a open source database system is running at this host.
> MySQL Version '5.5.19-log' was detected on the remote host.
> _____________________________________
> 
> is there any way to not disclosure the mysqld-version for
> a anonymous connected client?

For the case you give below, no authentication has yet taken place, so you don't know
whether the client is anonymous or not.

But the version is needed for proper client-server negotiation to take place, I believe.

Even if that were not true, any client, anonymous or not, can use SELECT @@version or
SELECT VERSION() to get the version.

> 
> [harry@srv-rhsoft:~]$ telnet localhost 3306
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> N
> 5.5.19-logs+%b?QYO]g��ke8'Xg~e\}!(mysql_native_password
> 
> 
> 
> 

-- 
Paul DuBois
Oracle Corporation / MySQL Documentation Team
Madison, Wisconsin, USA
www.mysql.com

Thread
hide server-version at connect?Reindl Harald10 Jan
  • Re: hide server-version at connect?Johan De Meersman10 Jan
    • Re: hide server-version at connect?Reindl Harald10 Jan
      • Re: hide server-version at connect?Johan De Meersman10 Jan
        • Re: hide server-version at connect?Reindl Harald10 Jan
          • Re: hide server-version at connect?Johnny Withers10 Jan
            • Re: hide server-version at connect?Johan De Meersman10 Jan
              • Re: hide server-version at connect?Chris Tate-Davies10 Jan
                • Re: hide server-version at connect?Chris Tate-Davies10 Jan
  • Re: hide server-version at connect?Paul DuBois10 Jan