From: Bill Kenworthy (billkiinet.net.au)
Date: Tue Dec 11 2001 - 16:44:20 CST

    Ok, looks even worse, seems you can get system access as well as letting
    the world see and modify what data you have in your databases.
    SQLserver asks for a password on install, it actually lets you enter and
    accepts a blank, it's only those who accept the default that get caught.
    MySQL sets a blank without telling you! and then you have to have the
    knowledge to know that the package you have installed is a security risk
    AND that when installed it's run as a default service. Nice security
    hole for the inexperienced!!

    BillK

    On Wed, 2001-12-12 at 04:13, LMSecurityDiscusspssp.com wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > On Tuesday 11 December 2001 05:45 am, Bill Kenworthy wrote:
    > > ... this is a SEVERE security hole that MS is
    > > rightly being caned for, and Linux/Mandrake has basically the same
    > > flaw! Thank god for firewalls!
    >
    >
    > Linux/Mandrake is a distribution of many packages, MySQL is only one
    > of the many packages. I think it would be more effective to bark up
    > the tree at http://www.mysql.com. Linux/Mandrake deserves accolades
    > for even considering a workaround.
    >
    > Also, there are some fundamental differences in the way default
    > permissions are set in Microsoft SQL Server and MySQL.
    >
    > My comments are below...
