Pretty much it's assumed that if you can login to a machine in any way, you know the password and you change it regularly. It's just a bad thing when it's decryptable in my opinion. Otherwise, there's a huge problem with SSH in general and should be avoided like the plague. (in 2 occasions or so lol) SSH has been around long enough with options such as that where people could have learned that in elementary school if they taught more than Apple IIe or Windows. Have to admit, it's a world different than rsh, I almost cried in happiness when ssh was invented. Everytime I've ever installed MySQL (via emerge/dpkg/etc), it's almost always said something along the lines of 'now's the time to set the root password with xyz command'. I do agree though, it should be part of the initial startup... if root is blank, prompt user for password then timeout after 20 seconds and kill the running app. --Dan On Thu, May 22, 2008 at 12:14 AM, Jon Ernster wrote: > FreeBSD, and I would have to assume OpenBSD have root login via ssh > disabled by default. It doesn't make much sense why linux distros don't > change this, but it doesn't make sense why MySQL is shipped without a > root password either. I guess someone thinks it's a good idea, or > doesn't think it's a bad enough idea to fix a common sense security flaw. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss