I think the best thing would be to limit the priviledges to the two
databases that belong to LAS. They are the "las" database and create,
delete and insert tables in the "lasNN" database where "lasNN" is
created by the configure process.
If that's not enough I can research it so more.
Roland
Greg Keith wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all-
Our security guy was just checking out the configuration of our new
Web server when he happened to check the MySQL configuration and
noticed that the "las" MySQL user created during the LAS installation
has global privileges - insert, select, create, update on all
databases and tables. That doesn't fly for a public-facing Web server.
LAS folks - is there any reason why this user could not have
privileges changed to a more secure level after the LAS installation,
if these privileges are required during install?
Greg
>
>
>
>
>
- --
Greg Keith - Web System Administrator greg.keith(-at-)noaa.gov
NOAA ESRL Physical Sciences Division http://www.esrl.noaa.gov/psd
R/PSD, 325 Broadway, Boulder, CO phone: 303-497-6645
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFJemMr8IR34NeP2BwRAhgAAJ0U3CtljjDrL6dyYS4r1x968NCONgCfT6zA
olPH8cJIuuXKN2f2HaIcjSc=
=48qe
-----END PGP SIGNATURE-----
|