Bug #6901 Do not install a test database for security reason
Submitted: 1 Dec 2004 0:03 Modified: 1 Mar 2013 12:47
Reporter: Christian Hammers (Silver Quality Contributor) (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Installing Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any
Tags: qc

[1 Dec 2004 0:03] Christian Hammers 
Description:
At least for 5.0 you should consider to drop the creation of a test database and passwordless user during installation to enhance security... 

How to repeat:
-

Suggested fix:
-
[1 Dec 2004 9:57] Sergei Golubchik 
what if we'll make it a command-line swicth to mysql_install_db ?
Then you can set it in .deb to force more secure installation.
[1 Dec 2004 10:06] Christian Hammers 
I have made patches for the Debian packages. I thought just that you might think
about this, too... :)
[13 Apr 2006 12:45] Olaf van der Spek 
Hi Sergei,

Are there any updates on this issue?
[22 Oct 2007 14:16] Valeriy Kravchuk 
Thank you for a reasonable feature request.
[1 Mar 2013 12:47] Yngve Svendsen 
As of MySQL Server 5.6.8 (please see the relevant section here: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-8.html), an option to prevent passwordless accounts and force setting of root passwords was added to mysql_install_db. This option is now being used by our RPMs and Solaris PKGs. The test db itself remains for the time being.