ABCs of Password Security
These inexperienced MySQL users must be educated as to the essentials of security. Rule No. 1 is that root password abilities must be disabled. Alternate log-ins give full administrative access with a separate password and also must be changed from the default.

Evert Ford is a software developer and MySQL user at Westone Laboratories, in Colorado Springs, Colo. He told me that he's not aware of there being many security-oblivious MySQL users, judging from the time he spends in online forums. "The reason I'd say this is that MySQL is an open-source application," he told me. "The feeling I've gotten in reading the forums and talking to friends is the default behavior for most MySQL administrators is they unpack an application and they automatically reset the passwords."

That is undoubtedly true for the majority of MySQL users, but when you're talking about a database that's up to some 8 million downloads, you're going to get some inexperienced users in the bunch.

That's fine. As Ford said, we've all got to start someplace, and starting with an open-source database like MySQL is a great place to launch a DBA career. But, if you know of any inexperienced MySQL downloaders, do us all a favor and educate them as to the importance of changing default passwords and of creating strong passwords.

Microsoft has a good Web page devoted to creating strong passwords. The gist is simple. A strong password:
- Is at least seven characters long.
- Contains letters, numbers and symbols.
- Has at least one symbol character in the second through sixth positions.
- Is significantly different from prior passwords.
- Doesn't contain names or user names.
- Isn't a common word or name.
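
The checklist above, written as a checker that reports which rules a candidate password breaks. This is an added example, not code from the article or from Microsoft's page; the similarity threshold, the short common-word list and the function name are assumptions made for illustration.

```python
import difflib
import string

# Assumptions, not from the article: the similarity threshold, the short
# common-word list and every sample value used with this checker.
SIMILARITY_LIMIT = 0.6
COMMON_WORDS = {"password", "letmein", "welcome", "mysql", "admin", "qwerty"}
SYMBOLS = set(string.punctuation)


def check_password(password, user_names=(), prior_passwords=()):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    lowered = password.lower()

    if len(password) < 7:
        problems.append("shorter than seven characters")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in SYMBOLS for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("needs letters, numbers and symbols")

    # Positions two through six are indexes 1..5 when counting from zero.
    if not any(c in SYMBOLS for c in password[1:6]):
        problems.append("no symbol in positions two through six")

    # "Significantly different" is approximated with a similarity ratio.
    for old in prior_passwords:
        matcher = difflib.SequenceMatcher(None, lowered, old.lower())
        if matcher.ratio() >= SIMILARITY_LIMIT:
            problems.append("too similar to a prior password")
            break

    # Very short names are skipped to avoid flagging accidental matches.
    if any(len(n) >= 3 and n.lower() in lowered for n in user_names):
        problems.append("contains a name or user name")

    # Strip digits and symbols so "Password1!" is still caught as "password".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in COMMON_WORDS:
        problems.append("is a common word or name")

    return problems
```

A password such as `Password1!` satisfies the length and character-mix rules yet still fails two others, which is why the positional and common-word checks are evaluated separately.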