[MacPorts] howto/MAMP modified
ryandesign at macports.org
Mon Sep 22 12:01:53 PDT 2008
On Sep 22, 2008, at 7:10 AM, Rainer Müller wrote:
> MacPorts wrote:
>> Changed page "howto/MAMP" by ryandesign at macports.org from
>> Page URL: <http://trac.macports.org/wiki/howto/MAMP>
>> Diff URL: <http://trac.macports.org/wiki/howto/MAMP?
>> Revision 19
>> Comment: revert incorrect change to root password setting
>> Index: howto/MAMP
>> --- howto/MAMP (version: 18)
>> +++ howto/MAMP (version: 19)
>> @@ -110,9 +110,10 @@
>> Set the MySQL `root` password (it's currently empty):
>> -mysqladmin5 -u root password -p
>> -This will ask for a new password for the MySQL `root` user.
>> +mysqladmin5 -u root -p password <new-password>
>> +where `<new-password>` is your new desired root password.
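Review bot: The added command line `mysqladmin5 -u root -p password <new-password>` puts the new root password in the command's arguments, and the added explanatory line says nothing about that or about the prompt that `-p` triggers. The context line above states that the root password is currently empty, so the page should tell the reader to leave the password prompt empty and press Return. It should also note that the argument ends up in shell history and in the process list, with a pointer to the MySQL documentation for multi-user systems. The angle brackets in `<new-password>` would be parsed by the shell as redirection if copied verbatim, so the text should say to replace the whole placeholder, brackets included.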
> I see the old command failed with:
> mysqladmin5: Too few arguments to change password
> And if I remember correctly it was me who put it there to make the
> process more secure.
I remember you making the change, but at the time I didn't think
about it further or try the revised instructions. It's been so long
since I set up my own MySQL servers that I forgot the specifics.
> Seems like I misunderstood how '-p' works.
The "-p" refers to the current password. For any MySQL command that
needs a username and password, you can either use
"-p<current-password>" (no space between "-p" and the current password)
to supply your current password on the command line, or just use "-p"
with no password, and you'll be prompted to enter your current password.
But the mysqladmin program still requires you to provide the new
password on the command line.
> Typing in passwords directly on the shell prompt is not a good idea
> security reasons. It will get saved in the shell history and is
> to all other users on the same machine in the list of running
I tend to agree, however I consulted "man mysqladmin" and I did not
see any alternative to supplying the new password on the command
line. It was not listed as an optional parameter.
> And the new command is also not absolutely correct. '-p' tells
> mysqladmin5 to prompt for the old password (which is empty on initial
> installation), so it will easily confuse users as they have to
> leave the "Enter your password" prompt empty.
In what way is the command not correct now? I tested it and it works.
If I type:
mysqladmin5 -u root -p password foo
then mysqladmin will prompt me for the current root password, and
then set the root password to "foo".
I added a clarifying sentence:
> Maybe it would be better to advise something like this (taken from
> Terminal 1:
> $ mysqld_safe5 --skip-grant-tables
> Terminal 2:
> $ mysql5
> mysql> UPDATE mysql.user SET Password=PASSWORD('foo') WHERE
> mysql> FLUSH PRIVILEGES;
> Although this way the password still ends up in .mysql_history, but at
> least it is not exposed to everyone.
> I think the first method described in  using an init-file is most
> secure, but is a bit complicated. The official install instructions
> also use something like this method.
> Or we decide that the current instructions are safe enough for home
> users (which mostly only have one user on their system), but add a
> about security and that it should not be used on multi-user systems,
> including a link to .
>  http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
It would probably be fine to leave the current instructions, but add
a note about why it is insecure, and add a reference to the MySQL
documentation for those who need more security.
IMHO the MySQL distribution provides the mysqladmin program to do
this, so it's reasonable to tell the user to use that.
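
The difference discussed in this thread, between a password given as a command-line argument and one entered at a prompt, can be checked against the process list. The script below is an added example, not part of the original message or the MacPorts wiki; its function names, the argv-demo/stdin-demo labels and the sample secret are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not from the thread. Function names and the
# argv-demo/stdin-demo labels are hypothetical; the secret is a constructed
# sample value assembled at run time.
SECRET="constructed-secret-$$"

# Print every process's argument list (falls back to /proc if ps is absent).
list_args() {
    if command -v ps >/dev/null 2>&1; then ps -A -o args
    else for f in /proc/[0-9]*/cmdline; do
        { tr '\0' ' ' <"$f"; echo; } 2>/dev/null; done
    fi
}

# Succeed if $1 occurs in any argument list. The needle reaches awk through
# the environment, so the check itself never appears as a match.
visible_in_ps() {
    list_args | NEEDLE="$1" awk \
        'index($0, ENVIRON["NEEDLE"]) { found = 1 } END { exit !found }'
}

# Sample the process list while the background child $1 is alive, then stop it.
probe() {
    sleep 1                      # give the child time to exec
    visible_in_ps "$2"; rc=$?
    kill "$1" 2>/dev/null; wait "$1" 2>/dev/null
    return "$rc"
}

# Secret passed as an argument, the way "mysqladmin5 -u root -p password foo"
# receives the new password. Returns 0 if the process list exposes it.
secret_as_argument() {
    sh -c 'sleep 5; :' argv-demo "$1" >/dev/null 2>&1 &
    probe "$!" "$1"
}

# Secret delivered on standard input, as when a program prompts for it or
# reads it from a file. Returns 0 if the process list exposes it.
secret_on_stdin() {
    printf '%s\n' "$1" | sh -c 'read -r pw; sleep 5; :' stdin-demo >/dev/null 2>&1 &
    probe "$!" "$1"
}

secret_as_argument "$SECRET" && echo "argument: visible in process list"
secret_on_stdin "$SECRET" || echo "stdin: not visible in process list"
```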