[ale] My head spins at the security and data integrity issues from this
Jim Kinney
jim.kinney at gmail.com
Mon Mar 30 08:23:26 EDT 2009
On Mon, Mar 30, 2009 at 7:51 AM, Mike Harrison <meuon at geeklabs.com> wrote:
>> anything about. It is awesome that all I need is an OS root account
>> and I can edit the user table and restart MySQL to get in. Application
>> security relies on OS security. OS security relies on physical
>> security. We accept this. What am I missing?
>> .!# RichardBronosky #!.
>
> You said what I wanted to.. only better. Agreed.
>
The blog poster did it on a Live, Running MySQL database. Sure. Root
can hexedit the libs on a running system. I suspect that would be a
very, very bad thing to do. The question is WHY would someone do this
on a RUNNING database?
BTW: it is has been a common practice for me to have to edit the user
table on a db that a company lost the password for. Sure beats the
heck out of a registry hack to regain control of a mssql mess!
--
--
James P. Kinney III
More information about the Ale
mailing list