[imp] Fwd: Horde webmail: mysql access
Ramon Kagan
rkagan at yorku.ca
Tue Apr 27 08:58:14 PDT 2004
Uhm, from the mysql create file:
REPLACE INTO user (host, user, password)
VALUES (
'localhost',
'horde',
-- IMPORTANT: Change this password!
PASSWORD('horde')
);
What part of "--IMPORTANT:..." don't they understand?
Also, one should have better security for their mysql server:
1. Specify where horde can connect from in the mysql DB
2. TCP wrap the mysql network connection
3. Audit the logs for suspicious activity.
The lack of security explained by this user is nothing more than ignorance
and laziness. Nobody can take care of security for your machines for you.
The onus is on yourself.
Ramon Kagan
York University, Computing and Network Services
Unix Team - Senior Unix Systems Administrator
(416)736-2100 #20263
rkagan at yorku.ca
----------------------------------- ------------------------------------
I have not failed. I have just I don't know the secret to success,
found 10,000 ways that don't work. but the secret to failure is
trying to please everybody.
- Thomas Edison - Bill Cosby
----------------------------------- ------------------------------------
On Tue, 27 Apr 2004, Curt LeCaptain wrote:
> Thought you guys would be interested in seeing this, came from
> bugtraq at securityfocus. From what I know, this's anything but the
> truth.
>
> Curt L
>
> !DSPAM:408e7b94203211317119348!
>
More information about the imp
mailing list