| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Steve Atkins <steve(at)blighty(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net> |
| Subject: | Re: Bugtraq: Having Fun With PostgreSQL |
| Date: | 2007-06-24 15:55:09 |
| Message-ID: | 18966.1182700509@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Steve Atkins <steve(at)blighty(dot)com> writes:
> On Jun 23, 2007, at 11:03 AM, Magnus Hagander wrote:
>> Out of curiosity, how do other databases deal with this?
> MySQL installs with an empty root password for access from
> localhost or the machines own IP address. It also installs an
> account with network access to any database beginning with
> "test" and possibly some more ill-defined accounts with local
> access.
FWIW, on mysql 5.0.42 I see only "root(at)localhost" and "root(at)127(dot)0(dot)0(dot)1"
in a fresh-out-of-the-box installation; not sure where you got these
other accounts, maybe a distro-specific modification?
But the bottom line is that mysql's out-of-the-box behavior is
*exactly* like our trust-for-local-connections behavior. Anyone
on the box can do "mysql -u root ..." and the server will accept
them as being superuser (they don't even have to know to enter an
empty password, in my experience).
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2007-06-24 16:30:30 | Re: Bugtraq: Having Fun With PostgreSQL |
| Previous Message | Simon Riggs | 2007-06-24 10:20:07 | Winner of naming discussions: Synchronous Commit |