List:Internals« Previous MessageNext Message »
From:Michael Widenius Date:January 4 2002 4:01am
Subject:MySQL design comments. --skip-grant-tables
View as plain text  

>>>>> "Alexander" == Alexander Keremidarski <salle@stripped>
> writes:

Alexander> Description:
Alexander> -sG, --skip-grant-tables is intended to be recovery option. When used it 
Alexander> skips all grants including remote access which is potential securtiy 
Alexander> problem from Server Admin point of view.
Alexander> With current behaviour it is possible to run mysqld -sG and forget it 
Alexander> running. It is Server Admin problem but still I think it is better to 
Alexander> prevent this.


Thanks for your comments;  We will discuss them internally and see
which one we should implement.


Alexander> This touches another topic:
Alexander> Defaults in MySQL install and how dangerous they can be:
Alexander> * Passwordless root by default.
Alexander> * Using root as MySQL Admin User
Alexander> * Listening on TCP by default
Alexander> and so on 

Alexander> Being root I always vote against defaults

This is something that we can't easily change;  If we would force a
password, we would get more emails that we can handle about users that
have a problem starting or using MySQL.

When you have a LOT of users, you must make things a bit less secure
by default to get things to work at all.

MySQL design comments. --skip-grant-tablesAlexander Keremidarski3 Jan
  • MySQL design comments. --skip-grant-tablesMichael Widenius4 Jan
  • Re: MySQL design comments. --skip-grant-tablesAlexander Keremidarski4 Jan
    • Re: MySQL design comments. --skip-grant-tablesMichael Widenius5 Jan