Aug
18

Passwordless MySQL root account in shared hosting





I was doing some work with many terminals open, and in one terminal I typed the following to access my MySQL databases:

$ mysql -u root

and I was granted access, as I don’t set any password for my local MySQL account. I was somewhat surprised, however, when I ran the following command:

mysql> show databases;

as I was presented with many databases, maybe hundreds of them, and with that I realized something was not right somewhere. Upon checking, I found out that I was accessing the wrong server, and to my surprise again, it was on my shared web hosting server.

When you consider that creating rogue PHP scripts will let you do what your jailshell won’t let you do, this incident makes me want to have a co-located server even more. I guess it’s a bad idea now to have all my shells look the same when working with multiple terminals.





3 Comments to “Passwordless MySQL root account in shared hosting”

  • Danesh August 23, 2008 at 11:45 pm

    Talk to the hosting company and get them to sponsor you a co-hosted package for your discovery… :D

  • shakir August 24, 2008 at 5:21 am

    I blogged about this actually because I was frustrated when I got no reply from the hosting company after reporting this to them, though there was not even a mention about getting free hosting whatsoever in the email. At least not yet :)

    As an update, the problem is still there.

  • /home/shakir » Blog Archive » Cheap VPS hosting, anyone? September 11, 2008 at 2:14 pm

    [...] in Information Insemination Due to some serious problems with shared webhosting, as I blogged here and here, I’m now seriously considering to self-host all my [...]
