Results 1 to 6 of 6
  1. #1

    Password for MySQL

    How insecure is it to have no password on MySQL if it is a local server only accessible via VNC not available to the outside world?
    Thanks

    P.S. I'm not fully sure this is the right section, but it is a dedicated server so it might be.

  2. #2
    Why should it be insecure if you are the only one having access to the server.

  3. #3
    Join Date
    Sep 2010
    Location
    Behind you...
    Posts
    356
    If you bound it to localhost in the config file it is only accessible for the local IP so you would be safe.
    file1.info :: 50GB secure cloudstorage with filemanager

  4. #4
    Join Date
    Dec 2005
    Location
    The Netherlands
    Posts
    107
    Because that would mean your users (if you trust them or not) could also login if they have the proper knowledge.

    You have no idea's what customers all 'try' to see what they can do.

    If the server is only used by you, no other users are using it, what you are suggesting might be relatively safe. However, how much effort is it to put a password on it (better an easy one than none).

  5. #5
    Thanks everybody for the responses, that is what I thought but PhpMyAdmin says 'Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user 'root'.' which just threw me off a bit.

    @Mikej0h I am going to add a password soon, I just wanted to see if it was something that was critical. It's not too much effort but it means changing around a few files to fit the new credentials.

  6. #6
    Join Date
    Dec 2005
    Location
    The Netherlands
    Posts
    107
    Quote Originally Posted by person287 View Post
    Thanks everybody for the responses,
    <cut>
    @Mikej0h I am going to add a password soon, I just wanted to see if it was something that was critical. It's not too much effort but it means changing around a few files to fit the new credentials.
    No problem, that's why we are here for...
    In general it's always better to put a password on daemons if possible.

    Being hacked (whatever the reason might be, let it just be a buggy phpMyAdmin) is never fun, and takes much time to resolve/restore.
    Better be safe than sorry.

Similar Threads

  1. MySQL Password
    By JordanC26 in forum Hosting Security and Technology
    Replies: 5
    Last Post: 04-04-2009, 01:45 PM
  2. Mysql Root Password
    By persianwhois in forum Hosting Security and Technology
    Replies: 6
    Last Post: 05-30-2008, 10:12 AM
  3. what is the password for mysql?
    By asyui8 in forum Hosting Software and Control Panels
    Replies: 0
    Last Post: 03-08-2003, 07:31 AM
  4. MySQL Password Problem
    By about2flip in forum Dedicated Server
    Replies: 5
    Last Post: 01-27-2003, 03:18 AM
  5. MySQL password exploit
    By H4H in forum Hosting Security and Technology
    Replies: 1
    Last Post: 01-21-2003, 08:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •