Bug #234 RFE: place commented out "skip-networking" in default /etc/my.cnf
Submitted: 6 Apr 2003 7:49 Modified: 9 Apr 2003 13:17
Reporter: Bryce Nesbitt Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:All OS:Any (All)
Assigned to: Lenz Grimmer CPU Architecture:Any

[6 Apr 2003 7:49] Bryce Nesbitt
Description:
Description of problem:
-----------------------
Many people run mysql on the same machine as the web server, and thus don't need external networking enabled at ALL.  A service that is turned off is always more secure than a service that's turned on.

Besides, mysql comes by default with no root password, and a variety of less-than-perfectly-secure privs.  So, we should encourage more people to "--skip-networking".

How to repeat:
Install mysql.
Notice that external networking is enabled.

Suggested fix:
Proposed solution (for /etc/my.cnf):
------------------------------------
If you'd add a commented-out "skip networking" line in /etc/my.cnf,
more people would discover this option.  Many people run mysql on the
same machine as the web server, and thus don't need external networking
enabled.  A service that is turned off is always more secure than
a service that's turned on.

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
#skip-networking

[mysql.server]
user=mysql
basedir=/var/lib
#skip-networking

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
#skip-networking
[7 Apr 2003 5:29] Miguel Solorzano
Thanks for the report. This issue is explained in the
Manual and others important issues on Security chapter.
[7 Apr 2003 6:28] Bryce Nesbitt
Yes, it is explained.  However people are often lazy, that's how we get so many security holes.

Pointing people in the right direction (by placing a line in a file they probably edit or at least look at) helps reach even those who don't take the time to read the manual.  This is a free and easy way to reduce the number of insecure MySQL servers out there.  Why not?
[7 Apr 2003 8:14] Bryce Nesbitt
-
[8 Apr 2003 9:47] Lenz Grimmer
Thanks for pointing this out - adding it to the sample my.cnf files 
(commented out by default) should be doable.
[8 Apr 2003 10:04] Lenz Grimmer
Note to self: adding skip-networking" on windows without enabling 
named pipes will render mysqld useless. This needs to be mentioned 
in the comment.
[9 Apr 2003 13:17] Lenz Grimmer
Thank you for your bug report. This issue has been fixed in the latest
development tree for that product. You can find more information about
accessing our development trees at 
    http://www.mysql.com/doc/en/Installing_source_tree.html

Fixed for 4.0.13 by adding the option (commented out by 
default) to the sample config files.
[9 Apr 2003 13:32] Bryce Nesbitt
Thank your for your attention to this detail.
[18 Feb 2013 11:51] joe santos
I installed My SQL Workbench 5.2 CE on Win8
I got the same error you guys were making

to make server work on local host (same PC) find the my.ini file created when setting up a server

C:\ProgramData\MySQL\MySQL Server 5.6\my.ini

look for "skip-networking" and comment it out (place a # in front of it)
#skip-networking