[ale] My head spins at the security and data integrity issues from this

Richard Bronosky Richard at Bronosky.com
Mon Mar 30 00:10:15 EDT 2009


Appalling? This is pure awesomeness. I know a lot of MSFT types who
are freaked out that in Linux, network interfaces and user accounts
can be created or modified by editing a text file. My question is: Why
would it alarm anyone _here_ that the same is true for [arguably] the
most popular database used on Linux? As a DBA, I've had NUMEROUS cases
where I've been asked to take over some abandoned DB that no one knows
anything about. It is awesome that all I need is an OS root account
and I can edit the user table and restart MySQL to get in. Application
security relies on OS security. OS security relies on physical
security. We accept this. What am I missing?

.!# RichardBronosky #!.



On Sun, Mar 29, 2009 at 11:11 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> :-)
>
> More of my appalledness (is that a word?) was that anyone would
> deliberately edit a live db system data file with sed.
>
> But since I've decided to live my life from a solipsistic perspective,
> I can imagine someone would try that.
>
>
> ___:-)___
>
> On Sun, Mar 29, 2009 at 10:47 PM, Jim Popovitch <jimpop at gmail.com> wrote:
>> On Sun, Mar 29, 2009 at 22:42, Jim Kinney <jim.kinney at gmail.com> wrote:
>>> http://www.karan.org/blog/index.php/2009/03/29/down-and-dirty-with-mysql
>>>
>>> live editing mysql files with sed bypasses mysql security protocols. I
>>> can only imagine the fun that ensues after the db crashes...
>>
>> Wake up sleepy-head, someone around you is thinking their way into the
>> future....
>>
>> -Jim P.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>>
>
>
>
> --
> --
> James P. Kinney III

