[imp] Fwd: Horde webmail: mysql access

Ramon Kagan rkagan at yorku.ca
Tue Apr 27 08:58:14 PDT 2004


Uhm, from the mysql create file:

REPLACE INTO user (host, user, password)
    VALUES (
        'localhost',
        'horde',
  -- IMPORTANT: Change this password!
        PASSWORD('horde')
    );


What part of "--IMPORTANT:..." don't they understand?
Also, one should have better security for their mysql server:
	1.  Specify where horde can connect from in the mysql DB
	2.  TCP wrap the mysql network connection
	3.  Audit the logs for suspicious activity.

The lack of security explained by this user is nothing more than ignorance
and laziness.  Nobody can take care of security for your machines for you.
The onus is on yourself.

Ramon Kagan
York University, Computing and Network Services
Unix Team -  Senior Unix Systems Administrator
(416)736-2100 #20263
rkagan at yorku.ca

-----------------------------------   ------------------------------------
I have not failed.  I have just	       I don't know the secret to success,
found 10,000 ways that don't work.     but the secret to failure is
				       trying to please everybody.
	- Thomas Edison				- Bill Cosby
-----------------------------------   ------------------------------------

On Tue, 27 Apr 2004, Curt LeCaptain wrote:

> Thought you guys would be interested in seeing this, came from
> bugtraq at securityfocus.  From what I know, this's anything but the
> truth.
>
> Curt L
>
> !DSPAM:408e7b94203211317119348!
>


More information about the imp mailing list