On Feb 25, 2011 8:40 AM, "Aaron Toponce" <aaron.topo...@gmail.com> wrote: > > On Fri, Feb 25, 2011 at 12:42:51PM +0100, Sjoerd Hardeman wrote: > > SQL injecting and web forms will not work for ssh directly, unless > > you have a very poorly configured apache+mysql-config. Of course > > there are ways of obtaining someone's password. > > Heh. SQL injections can get you all sorts of things. The goal is to get > into the server via any route possible. If you leave the server open to > the outside world, disabling root login via ssh isn't granting you any > security. >
I'll bite, please explain.
