Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Bill Kenworthy (billkiinet.net.au)
Date: Tue Dec 11 2001 - 16:44:20 CST
Ok, looks even worse, seems you can get system access as well as letting
the world see and modify what data you have in your databases.
SQLserver asks for a password on install, it actually lets you enter and
accepts a blank, its only those who accept the default that get caught.
MySQL sets a blank without telling you! and then you have to have the
knowledge to know that the package you have installed is a security risk
AND that when installed its run as a default service. Nice security
hole for the inexperienced!!
On Wed, 2001-12-12 at 04:13, LMSecurityDiscusspssp.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Tuesday 11 December 2001 05:45 am, Bill Kenworthy wrote:
> > ... this is a SEVERE security hole that Ms is
> > rightly being caned for, and Linux/Mandrake has basicly the same
> > flaw! Thank god for firewalls!
> Linux/Mandrake is a distribution of many packages, MySQL is only one
> if the many packages. I think it would be more effective to bark up
> the tree at http://www.mysql.com Linux/Mandrake deserves accolades
> for even considering a workaround.
> Also, there are some fundamental differences in the way default
> permissions are set in Microsoft SQL Server and MySQL.
> My comments are below...
For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.