List:Bugs« Previous MessageNext Message »
From:Jan Dvorak Date:October 4 2000 6:19am
Subject:Re: suggestion for security enhancement
View as plain text  
Adam Laurie wrote:
> Michael Widenius wrote:
> >
> > >>>>> "Adam" == Adam Laurie <adam@stripped> writes:
> >
> > Adam> Can I suggest you create an empty ~/.my.cnf with the correct file
> > Adam> permisions (i.e. same as ~/.mysql_history) so that later setups don't
> > Adam> inadvertantly leak passwords & stuff...
> >
> > The question is when to do this.  We can't to this when installing
> > MySQL, as the there is probably going to be many more users than just
> > the one that is doing the install.  I also don't think it's a good idea to
> > automaticly create the above file in all our clients.
> i would do it at the same time you create the ~/.my.history file - i.e.
> the first time you run a client.
> > One solution would be te check the permission of the ~/.my.cnf file
> > each time you start the mysql client and if it's readable for all give
> > a warning for this.  Do you think this would be good enough for you?
> no, because the user may not understand/care about the issue. we have to
> protect against lazy/dumb users. a warning would be good as well, so if
> they accidentally change it's permissions they get to notice.

Not only should the client give a warning,
it could remove the extra permission(s) as well.

That way, users who care about warnings will find out what happened,
and users who don't care will have it done nonetheless, automagically.

Jan Dvorak
suggestion for security enhancementAdam Laurie29 Sep
  • suggestion for security enhancementMichael Widenius3 Oct
  • Re: suggestion for security enhancementAdam Laurie3 Oct
    • Re: suggestion for security enhancementThimble Smith3 Oct
    • Re: suggestion for security enhancementMichael Widenius4 Oct
  • Re: suggestion for security enhancementJan Dvorak4 Oct
    • Re: suggestion for security enhancementMichael Widenius4 Oct