Soren Hansen wrote: > We want to ask as few questions as possible during installation, so we > prefer not to ask the user for a root password for his mysql server > during install. However, having a mysql server without a root password > leaves the database wide open for various exploits in e..g webapps.
What kind of exploits? User can access mysql (by default) only if he is root or has sudo rights. So... If that user is compromised, securing mysql is pointless since he can override mysql's root password. Am I missing something? -- Root password policy for mysql https://bugs.launchpad.net/bugs/119075 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
