Soren Hansen wrote:

> We want to ask as few questions as possible during installation, so we
> prefer not to ask the user for a root password for his mysql server
> during install. However, having a mysql server without a root password
> leaves the database wide open for various exploits  in e..g webapps.

What kind of exploits? User can access mysql (by default) only if he is 
root or has sudo rights. So... If that user is compromised, securing 
mysql is pointless since he can override mysql's root password.

Am I missing something?

-- 
Root password policy for mysql
https://bugs.launchpad.net/bugs/119075
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to