Bug #17115 | Secure by default, default root password | ||
---|---|---|---|
Submitted: | 4 Feb 2006 11:46 | Modified: | 5 Feb 2006 12:07 |
Reporter: | Olaf van der Spek (Basic Quality Contributor) | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S4 (Feature request) |
Version: | * | OS: | Any (*) |
Assigned to: | CPU Architecture: | Any |
[4 Feb 2006 11:46]
Olaf van der Spek
[5 Feb 2006 11:50]
Valeriy Kravchuk
Thank you for a feature request. The need for (secure) root password is clearly explained by the console messages during installation. Moreover, Windows installer forces user to set root password. I think, similar step/option during (fresh) RPM installation may be also useful. But any default and known password for root, or even explicit demand to use passwords for all users will not solve any security problems. Security is a process, and each database administrator should define and force his own policies, that may chenge over time.
[5 Feb 2006 12:07]
Olaf van der Spek
> The need for (secure) root password is clearly explained by the console messages during installation. That's not enough. > I think, similar step/option during (fresh) RPM installation may be also useful. I think it's better to let the script generate a password itself as the person installing the server may not be the person that will be administrating it. > But any default and known password for root, or even explicit demand to use passwords for all users will not solve any security problems. I think it will. It won't solve all, but it will solve some. You're saying known password, but I'm suggestion an automatically generated password that will thus not be known.
[6 Feb 2006 7:43]
Valeriy Kravchuk
Let me add some comments. > That's not enough. As I noted, there will never be an environment enough secure for everybody. Security is a process that never ends. Let's take Linux (or any other OS) as an example - they mostly force you to set (strong) password for root or any other administrators upon installation. I agree, that our (RPM) installations should do this also. That is what should be fixed later. > I think it's better to let the script generate a password itself as the person > installing the server may not be the person that will be administrating it. Script generating passwords in the MySQL (open source!) distribution will make no real difference for any motivated and experienced cracker. If you want higher level of security, you can write one yourself or integrate any secure password generation system into your custom installation process. By the way, many Linux distributions (and not only them) build MySQL themselves and change installation process/security to anything that meetes their needs and goals better. Any default solution from MySQL will not be good (or better) for everyone. In most cases, by the way, new binaries/RPMs are installed over existing database, with password and security options already set by administrators. They will gain nothing from the feature you proposed.