Pretty much it's assumed that if you can login to a machine in any
way, you know the password and you change it regularly. It's just a
bad thing when it's decryptable in my opinion. Otherwise, there's a
huge problem with SSH in general and should be avoided like the
plague. (in 2 occasions or so lol)
SSH has been around long enough with options such as that where people
could have learned that in elementary school if they taught more than
Apple IIe or Windows.
Have to admit, it's a world different than rsh, I almost cried in
happiness when ssh was invented.
Everytime I've ever installed MySQL (via emerge/dpkg/etc), it's almost
always said something along the lines of 'now's the time to set the
root password with xyz command'. I do agree though, it should be part
of the initial startup... if root is blank, prompt user for password
then timeout after 20 seconds and kill the running app.
--Dan
On Thu, May 22, 2008 at 12:14 AM, Jon Ernster <
jon.ernster@gmail.com> wrote:
> FreeBSD, and I would have to assume OpenBSD have root login via ssh
> disabled by default. It doesn't make much sense why linux distros don't
> change this, but it doesn't make sense why MySQL is shipped without a
> root password either. I guess someone thinks it's a good idea, or
> doesn't think it's a bad enough idea to fix a common sense security flaw.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)