#157 security hole

GNADE 1.X
open
9
2009-06-07
2007-09-17
Björn Persson
No

samples/sample_db/create_user.mysql.sql installs a wide open backdoor: a passwordless database account with full privileges on all databases! The account must not have any privileges outside of GNADE's demo database.

Discussion

  • Björn Persson
    Björn Persson
    2007-09-17

    • priority: 5 --> 9
     
  • To be honest i my knowledge about mysql is rather limited. Could you make a proposal how to handle the issue?

     
    • assigned_to: nobody --> merdmann
     
    • labels: --> Configuration