Newsgroups: php.internals
From: johannes@schlueters.de (Johannes Schlüter)
To: mike@rile.ca
Cc: 'Roger Llopart Pla', 'Reindl Harald', internals@lists.php.net
Date: Thu, 18 Aug 2011 18:09:43 +0200
Subject: RE: [PHP-DEV] Autotests: Access denied for user 'root'@'localhost' (using password: NO)

On Thu, 2011-08-18 at 11:55
-0400, Mike Robinson wrote:
> I'm wondering if adding a prompt for the mysql username and password,
> with the defaults set as is, would be possible, and if so, if someone
> were to offer a patch why it shouldn't be considered.

since you would need quite a few prompts. It's not about MySQL only; what about other databases? We also have other tests which are configurable in one way or the other. But you can easily set the mentioned environment variables and be done.

> IMHO, if the defaults were used and the tests ran successfully, I'd
> be tempted to display a console message along the lines of "your myself
> default root credentials are wide open, are you being silly?"

Well, as Stas said - on a developer machine where MySQL is not listening to the outside and doesn't store confidential data there is no harm in having a mysql root without password. Anybody who can exploit it can already execute arbitrary code, which is way more critical.

johannes
(who doesn't get the excitement in this thread)