On Thursday 26 April 2007 02:31, sean finney <[EMAIL PROTECTED]> wrote: > > Empty passwords by default might be OK for a source based install of > > MySQL, but they are not OK for a Debian install. Debian packages should > > be expected to be secure by default! > > i think it's fairly common knowledge that this is to be expected when > installing mysql, as you will find this to be the case for every other > distribution of unix/linux that includes mysql.
If it was common knowledge then surely I would have known it years ago! The big advantage of MySQL over all other options is the low level of skill needed to administer it. Oracle requires a dedicated DBA with a six figure salary. PostgreSQL requires a good sys-admin who has experience and knows SQL. MySQL generally works for anyone who wants to turn it on. > however, in principle i agree with you--hence we went out of our way to > do the password prompt stuff in the first place. perhaps we should > consider raising the priority of the question (currently i believe it's > medium, which is why you didn't see it maybe?). I believe that if there is an option to run a system with no administrative password then the question about it should be at the highest priority, or the password should be set to a random value (from /dev/random) by default. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
