I have been preaching since 2003 that the default deployment of
MySQL (where root can access without password) should be changed
to something more sicure.
Yet, MySQL 5.6 still uses the same defaults.
$ mysql --no-defaults -u root --port=5000 -h 127.0.0.1
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.9-rc MySQL Community Server (GPL)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password=password('oh-come-on');
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
I have installed MySQL 5.6. Now I access as root without
password. Not a word of complaint. Not a warning. Nothing.
But what happens when I set a password and use it?
$ mysql --no-defaults -u root --port=5000 -h 127.0.0.1 -poh-come-on
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.9-rc MySQL Community Server (GPL)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
WTF? So a password is insecure, but no password is OK?
I know the risks of using a password at the command line, thanks
for telling me. Now I don't want to see this message
anymore.
I wonder how I can remove this warning. Scripted testing gets
borked horribly with it.