Re: MySQL Security Risk?

From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: 08/24/04


Date: Tue, 24 Aug 2004 08:30:50 +0200

Neil wrote:
> Hi All,
>
> I'd like to install MySQL and PHP onto my server that's hosted in a POP on
> the internet. No, I have no firewall on that machine, but I only have the
> SSH, FTP (chrooted, no real users) and Apache services running. I trust
> these services (rightly or wrongly).
>
> Now MySQL has been around for ages and I was wondering if it is secure
> enough to run on an open server? I understand that you can limit access to
> users at specific IP addresses, but is this service still vulnerable to
> attack?
>
> I'd greatly appreciate your views.
>
> Neil
>

In my penetration tests with Nessus and some exploits it looks pretty
strong. You should be more worried about Apache, which is much more
problematic. At least that's my point of view.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                 -- Jack Kerouac, "On the Road"
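Neil asks whether MySQL on an unfirewalled host can be kept safe by limiting accounts to specific IP addresses. The two controls that decide that are whether mysqld listens on the network at all (`skip-networking` / `bind-address` in the `[mysqld]` section of my.cnf) and whether every row in `mysql.user` pins its `Host` column to real client addresses rather than `%`. The script below is an added example, not code from either poster: it parses a my.cnf fragment and a list of `(User, Host)` rows and reports accounts reachable from anywhere, anonymous accounts, and wildcard host ranges. The config text and the user rows are constructed sample input; on a real server you would read the file and run `SELECT User, Host FROM mysql.user;` yourself.

```python
"""Added example (not part of the original thread): audit the two MySQL
controls relevant to running the server on an open host, i.e. whether mysqld
listens on the network and whether accounts are pinned to specific hosts.
The my.cnf text and the mysql.user rows below are constructed sample input."""

import re
from dataclasses import dataclass

# Constructed my.cnf fragment; a real check would read the file from disk.
SAMPLE_MY_CNF = """
[client]
port = 3306

[mysqld]
port = 3306
datadir = /var/lib/mysql
# bind-address = 127.0.0.1
"""

# Constructed rows as returned by: SELECT User, Host FROM mysql.user;
SAMPLE_USER_ROWS = [
    ("root", "localhost"),
    ("root", "%"),              # superuser reachable from any client address
    ("", "localhost"),          # anonymous account
    ("webapp", "127.0.0.1"),    # pinned to loopback
    ("report", "192.168.1.%"),  # subnet-wide wildcard, worth a look
    ("backup", "10.0.0.5"),     # pinned to a single IP
]


@dataclass
class Finding:
    subject: str
    reason: str
    fix: str


def mysqld_section(cnf_text: str) -> dict:
    """Parse the [mysqld] section of a my.cnf-style file into {option: value}.
    Comment lines (# or ;) are skipped; bare flags map to an empty string."""
    opts, in_section = {}, False
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            in_section = m.group(1).strip() == "mysqld"
            continue
        if in_section:
            key, _, value = line.partition("=")
            # MySQL treats '-' and '_' in option names as equivalent
            opts[key.strip().replace("-", "_")] = value.strip()
    return opts


def audit_listener(cnf_text: str) -> list:
    """Flag a server that accepts TCP connections on every interface."""
    opts = mysqld_section(cnf_text)
    if "skip_networking" in opts:
        return []                      # Unix socket only, nothing to reach
    bind = opts.get("bind_address", "")
    if bind in ("127.0.0.1", "::1", "localhost"):
        return []
    return [Finding("mysqld listener",
                    f"bind-address is {bind or 'unset (all interfaces)'}",
                    "set bind-address = 127.0.0.1, or skip-networking if only "
                    "local clients such as PHP on the same box need access")]


def audit_accounts(rows) -> list:
    """Flag accounts whose Host column is not pinned to specific addresses."""
    findings = []
    for user, host in rows:
        acct = f"'{user}'@'{host}'"
        if user == "":
            findings.append(Finding(acct, "anonymous account",
                                    f"DROP USER {acct};"))
        elif host in ("", "%"):
            who = "superuser" if user == "root" else "account"
            findings.append(Finding(acct, f"{who} reachable from any host",
                                    f"DROP USER {acct}; recreate it as "
                                    f"'{user}'@'<trusted client IP>'"))
        elif "%" in host or "_" in host:   # both are wildcards in Host
            findings.append(Finding(acct, "host pattern covers a range",
                                    "narrow the pattern to the client "
                                    "addresses that really need access"))
    return findings


def run_audit(cnf_text=SAMPLE_MY_CNF, rows=SAMPLE_USER_ROWS) -> list:
    """Combine both checks; an empty list means nothing to report."""
    return audit_listener(cnf_text) + audit_accounts(rows)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.subject}: {f.reason} -> {f.fix}")
```

On the constructed input the audit reports four findings: the commented-out `bind-address` leaves mysqld on all interfaces, `'root'@'%'` and the anonymous `''@'localhost'` account should go, and `'report'@'192.168.1.%'` deserves a look. The host-pinning check is only as good as the network path: without a firewall, an account with `Host = '%'` is reachable by anyone who can reach port 3306, which is exactly the case Neil describes.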
