Contributed by jose on from the secure-data dept.
"I installed the mysql-server-3.23.55 package on a standard install of 3.2. I followed the post install instructions from the local shell but I kept getting acess denied errors. They either claimed that the root user didn't have access to the db or that the localhost was not authorized.I have to admit, running databases securely isn't something we talk about much here. I was looking to post this article from SecurityFocus in the coming few days, so now is as good a time as any. Anyone have any good recipes for securing their databases they wish to share?
I know that I probably have missed something stupid but my concern is as follows: when I access the mysql server module from webmin as root (yeah I know that's not a good idea but this is a test machine), I get right in and can administer anything. The point being that I have full access to mysql from a remote computer through webmin using the same credentials that get denied at the local shell.
That doesn't seem good to me. How can I possibly have more access from a remote computer?
Anyway, if anyone has any thoughts on what could cause the root user/localhost denied problems, they would be much appreciated:
Thanks in advance :-)"
- release version of 3.2
- release version of mysql 3.23.55 package
- hosts file has both localhost and hostname
- able to set password on root user and authorize ALL incoming hosts from webmin
- able to start mysqld but unable to access any db functions, including the admin program from the local machine
(Comments are closed)