LinuxMCE Forums
June 19, 2013, 08:09:57 am GMT-1 *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Rule #1 - Be Patient - Rule #2 - Don't ask when, if you don't contribute - Rule #3 - You have coding skills - LinuxMCE's small brother is available: http://www.agocontrol.com
 
   Home   Help Search Chat Login Register  
LinuxMCE Forums > LinuxMCE > Users > 'Blank' passwords
Pages: [1]
« previous next »
  Print  
Author Topic: 'Blank' passwords  (Read 328 times)
brononius
Guru
****
Posts: 361


Trying to keep it simple and centralized...


View Profile WWW
« on: February 23, 2012, 10:31:06 am »
Hey,

I searched a bit, but couldn't find a straight answer.
How (and what's the risk) to change the default 'blank' password?

The database user is using a blank password, as well as the asterisk admin.
Can i just change this password? Or will it have impact on other stuff as well?

I was thinking about changing:
  • mysql user root
  • /etc/pluto.conf
  • asterisk admin user
  • ...

Reason for all this is that of course it's not very secure to use 'blank' password. And lately, a lot of software don't allow 'blank' passwords (fe phpmyadmin) by default...
Logged
Version: linuxMCE 1004 (v 2012-07-01)
Extra's: Cacti, webmin, phpmyadmin, joomla

Server: MSI MS-7519 / E7400 2,8GB / 4GB / SSD 60GB / Radeon HD4350 / RTL8111 - 3C905C-TX
Orbiters: HTC Desire Z, HP PocketPC, Samsung Galaxy S, iPAD, ASUS eeePAD
Automation: EIB technology, KNX IP ROUTER 750
Phones: Cisco 7940, Cisco 7960
Camera's: IPCAM02
sambuca
Guru
****
Posts: 422


View Profile
« Reply #1 on: February 23, 2012, 01:34:40 pm »
Hi,

This would be a research project to find out what works and what breaks, and how to fix it.

I would also suggest that you try to get your changes integrated into LinuxMCE if you get anywhere.

br,
sambuca
Logged
mkbrown69
Veteran
***
Posts: 103


View Profile
« Reply #2 on: February 23, 2012, 05:59:45 pm »
Brononi,

Look into the package dbconfig-common. It's the means for creating database users in a manageable way using package mechanisms.

From the apt description...

Description: common framework for packaging database applications This package presents a policy and implementation for  managing various databases used by applications included in Debian packages.
 It can:
  - support MySQL, PostgreSQL, and sqlite based applications;
  - create or remove databases and database users;
  - access local or remote databases;
  - upgrade/modify databases when upstream changes database structure;
  - generate config files in many formats with the database info;
  - import configs from packages previously managing databases on their own;
  - prompt users with a set of normalized, pre-translated questions;
  - handle failures gracefully, with an option to retry;
  - do all the hard work automatically;
  - work for package maintainers with little effort on their part;
  - work for local admins with little effort on their part;
  - comply with an agreed upon set of standards for behavior;
  - do absolutely nothing if that is the whim of the local admin;
  - perform all operations from within the standard flow of package management (no additional skill is required of the local admin).

That's probably the best way forward.  It's what Debian and MythBuntu uses for MythTV/MySQL database management.  I too would like to see the security on the DB users tightened up, but I'm busy with a z/OS course for work which is eating up my spare time...

Hope that helps!

/Mike
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!