[MacPorts] howto/MAMP modified

Rainer Müller raimue at macports.org
Mon Sep 22 05:10:44 PDT 2008


MacPorts wrote:
> Changed page "howto/MAMP" by ryandesign at macports.org from 76.244.68.113*
> Page URL: <http://trac.macports.org/wiki/howto/MAMP>
> Diff URL: <http://trac.macports.org/wiki/howto/MAMP?action=diff&version=19>
> Revision 19
> Comment: revert incorrect change to root password setting instructions
> 
> -------8<------8<------8<------8<------8<------8<------8<------8<--------
> Index: howto/MAMP
> =========================================================================
> --- howto/MAMP (version: 18)
> +++ howto/MAMP (version: 19)
> @@ -110,9 +110,10 @@
>  Set the MySQL `root` password (it's currently empty):
>  
>  {{{
> -mysqladmin5 -u root password -p
> -}}}
> -This will ask for a new password for the MySQL `root` user.
> +mysqladmin5 -u root -p password <new-password> 
> +}}}
> +
> +where `<new-password>` is your new desired root password. 
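
Review bot: the added line `mysqladmin5 -u root -p password <new-password>` takes the new root password as a command-line argument, and the new "where" sentence does not mention that this leaves the password in the shell history and in the process list while the command runs. Add a note saying so, or point to a method that keeps the password out of argv. The same line introduces `-p`, which prompts for the current password; since the context line above says it is currently empty, the text should tell the reader to leave that prompt blank. Both added lines also end in trailing whitespace.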


I see the old command failed with:
  mysqladmin5: Too few arguments to change password
And if I remember correctly it was me who put it there to make the
process more secure. Seems like I misunderstood how '-p' works.

Typing in passwords directly on the shell prompt is not a good idea for
security reasons. It will get saved in the shell history and is visible
to all other users on the same machine in the list of running processes.

And the new command is also not absolutely correct. '-p' tells
mysqladmin5 to prompt for the old password (which is empty on initial
installation), so it will easily confuse users as they have to leave the
"Enter your password" prompt empty.

Maybe it would be better to advise something like this (taken from [1]):

Terminal 1:
$ mysqld_safe5 --skip-grant-tables

Terminal 2:
$ mysql5
mysql> UPDATE mysql.user SET Password=PASSWORD('foo') WHERE User='root';
mysql> FLUSH PRIVILEGES;

Although this way the password still ends up in .mysql_history, at
least it is not exposed to everyone.

I think the first method described in [1] using an init-file is most
secure, but is a bit complicated. The official install instructions [2]
also use something like this method.

Or we decide that the current instructions are safe enough for home
users (who mostly only have one user on their system), but add a note
about security and that it should not be used on multi-user systems,
including a link to [2].

Rainer

[1]
http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html#resetting-permissions-unix
[2] http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
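
The init-file approach from [1] that the message calls most secure, as an added example (not part of the original message or the MacPorts wiki). The function name `write_init_file` and the paths in the comments are hypothetical; the SQL is the statement quoted in the message.

```shell
#!/bin/sh
# Added example: write a MySQL init file that sets the root password
# without the password ever appearing in argv, `ps` output or shell history.

# write_init_file PATH
# Reads the new password from stdin (echo disabled on a terminal) and
# writes the UPDATE/FLUSH statements to PATH with mode 0600.
write_init_file() {
    out=$1
    if [ -t 0 ]; then
        printf 'New MySQL root password: ' >&2
        stty -echo
        IFS= read -r pw
        stty echo
        printf '\n' >&2
    else
        IFS= read -r pw
    fi
    # Refuse to leave root with an empty password.
    [ -n "$pw" ] || { echo "empty password refused" >&2; return 1; }
    # Escape backslashes and single quotes for a MySQL string literal.
    # The value reaches sed on stdin, not as an argument.
    esc=$(printf '%s' "$pw" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
    (
        # Restrict permissions before the file exists, not after.
        umask 077
        printf "UPDATE mysql.user SET Password=PASSWORD('%s') WHERE User='root';\nFLUSH PRIVILEGES;\n" \
            "$esc" > "$out"
    )
    unset pw esc
}

# Intended use (placeholder path):
#   write_init_file /path/to/mysql-init
#   mysqld_safe5 --init-file=/path/to/mysql-init &
#   rm /path/to/mysql-init      # once the server has started
```

The init file must be readable by the account mysqld runs as, so create it as that user or change its owner before starting the server.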

