List:MySQL on Win32« Previous MessageNext Message »
From:Paul DuBois Date:August 28 2002 8:20pm
Subject:Re: skip-grant-tables
View as plain text  
At 0:43 +0700 8/29/02, Arun Khemlai wrote:
>hallo,
>
>i'm reading section A.4.2 "How to Reset a Forgotten Root Password"
>in the MySQL reference manual and have a doubt. hope u gurus
>can help:
>
>the manual states tht one can set a new password by taking
>the server down and restarting it again with the "skip-grant-tables" option.
>then assign a new pwd.
>
>so i tried and it did work (of coz, it's the reference manual).
>now i have all privileges (r/w) for all databases/tables.
>
>this doesn't make sense to me somehow: on windows everyone can kill the
>server using the task manager. this means, by following the above
>instruction,
>one would be able t make change to a table/database that he/she doesn't
>right
>to do so. is it correct?

Sure.  Someone who has physical access to your machine can do whatever
they want with it.  This is true of any OS, not just Windows, and it's
true for any application, not just MySQL.

>
>so my question is, is it possible to prevent this to happen.
>surely i don't want whoever used to read the manual remove the
>"all-data-is-here" table in my killing business app.

Prevent physical access to your machine, for starters.

>
>Arun
>
>
>
>__________________________________________________________________
>
>Gesendet von Yahoo! Mail - http://mail.yahoo.de
>M–chten Sie mit einem Gruþ antworten? http://grusskarten.yahoo.de

Thread
skip-grant-tablesArun Khemlai28 Aug
  • Re: skip-grant-tablesPaul DuBois29 Aug