[TM4J-users] security flaw in install_hibernate.txt?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've just read through the
http://tm4j.org/tm4j/docs/install_hibernate.txt and I think there's
something fishy about some of the stuff in there:

- ----------------
mysql> GRANT ALL PRIVILEGES ON *.* TO 'tm4j'@'localhost'
    ->     IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO 'tm4j'@'%'
    ->     IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
- ----------------

I can't see why tm4j should get root privileges? Wouldn't it be better
to grant tm4j access to the database tm4j  (tm4j.*) and create this db
before granting privileges to users, and not afterwards like in the howto?
Further, it should be pointed out that granting access to tm4j@'%' is
_only_ necessary if the db is not running at localhost.

- --
best regards
Magnus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFEdvWJB6/gap0IM6sRAjD+AJ0UzeEWYvWF3LzaxaudROcWpRAg6ACgk2XV
oq8lNr9a7bJfryZjAOOUSo0=
=Jenl
-----END PGP SIGNATURE-----