LinuxMCE Forums

General => Users => Topic started by: brononius on February 23, 2012, 10:31:06 am

Title: 'Blank' passwords
Post by: brononius on February 23, 2012, 10:31:06 am
Hey,

I searched a bit, but couldn't find a straight answer.
How (and what's the risk) to change the default 'blank' password?

The database user is using a blank password, as well as the asterisk admin.
Can I just change this password? Or will it have impact on other stuff as well?

I was thinking about changing:

Reason for all this is that of course it's not very secure to use a 'blank' password. And lately, a lot of software doesn't allow 'blank' passwords (e.g. phpMyAdmin) by default...
Title: Re: 'Blank' passwords
Post by: sambuca on February 23, 2012, 01:34:40 pm
Hi,

This would be a research project to find out what works and what breaks, and how to fix it.

I would also suggest that you try to get your changes integrated into LinuxMCE if you get anywhere.

br,
sambuca
Title: Re: 'Blank' passwords
Post by: mkbrown69 on February 23, 2012, 05:59:45 pm
Brononi,

Look into the package dbconfig-common. It's the means for creating database users in a manageable way using package mechanisms.

From the apt description...

Description: common framework for packaging database applications
 This package presents a policy and implementation for managing various databases used by applications included in Debian packages.
 It can:
  - support MySQL, PostgreSQL, and sqlite based applications;
  - create or remove databases and database users;
  - access local or remote databases;
  - upgrade/modify databases when upstream changes database structure;
  - generate config files in many formats with the database info;
  - import configs from packages previously managing databases on their own;
  - prompt users with a set of normalized, pre-translated questions;
  - handle failures gracefully, with an option to retry;
  - do all the hard work automatically;
  - work for package maintainers with little effort on their part;
  - work for local admins with little effort on their part;
  - comply with an agreed upon set of standards for behavior;
  - do absolutely nothing if that is the whim of the local admin;
  - perform all operations from within the standard flow of package management (no additional skill is required of the local admin).

That's probably the best way forward. It's what Debian and MythBuntu use for MythTV/MySQL database management. I too would like to see the security on the DB users tightened up, but I'm busy with a z/OS course for work which is eating up my spare time...

Hope that helps!

/Mike
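
A starting point for the "what breaks" inventory discussed in this thread, as an added example that is not from any poster or from LinuxMCE: it walks a directory of configuration files and lists every credential key whose value is blank, so each consumer of the blank password is known before the database password is changed. The directory to scan and the key-name patterns are assumptions; `dbc_dbpass` is the key dbconfig-common writes in its per-package config files.

```python
import re
import sys
from pathlib import Path

# Assumption: credential keys end in pass/passwd/password
# (covers dbconfig-common's dbc_dbpass and MySQL option files' password).
KEY_RE = re.compile(r"(pass|passwd|password)$", re.IGNORECASE)
# key=value, key = value, key: value, "export KEY=", PHP-style "$key = ...;"
LINE_RE = re.compile(r"^\s*(?:export\s+)?\$?([A-Za-z_][\w.-]*)\s*[=:]\s*(.*)$")


def is_blank(value):
    """True if the assigned value is empty ('' / "" / nothing / only a comment)."""
    value = value.strip()
    if value[:1] in ("'", '"'):
        # Quoted value: blank only when the closing quote follows immediately.
        return value[1:2] == value[0]
    # Unquoted value: drop a trailing comment, then test what is left.
    return re.sub(r"(^|\s)[#;].*$", "", value).strip() == ""


def find_blank_passwords(root):
    """Return (relative path, line number, key) for each blank credential under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable without sufficient privileges; skip it
        for lineno, line in enumerate(text.splitlines(), 1):
            m = LINE_RE.match(line)  # commented-out lines never match
            if m and KEY_RE.search(m.group(1)) and is_blank(m.group(2)):
                hits.append((str(path.relative_to(root)), lineno, m.group(1)))
    return hits


if __name__ == "__main__":
    # Usage: python3 blank_pw_audit.py <config directory>
    for rel, lineno, key in find_blank_passwords(sys.argv[1]):
        print(f"{rel}:{lineno}: {key} is blank")
```

Only assignments in configuration files are covered; credentials hard-coded in scripts or binaries need a separate search.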