Passwordless MySQL root account in shared hosting


I was doing some work with many terminals open, and in one terminal I typed the following to access my MySQL databases:

$ mysql -u root

and I was granted access, as I don’t set any password for my local MySQL account. I was somewhat surprised, however, when I ran the following command:

mysql> show databases;

as I was presented with many databases, maybe hundreds of them, and with that I realized something was not right somewhere. Upon checking, I found out that I was accessing the wrong server, and to my surprise again, it was my shared web hosting’s server.

When I think that creating rogue PHP scripts will let you do what your jailshell won’t let you do, this incident makes me want to have a co-located server even more. I guess it’s a bad idea now to have all my shells look the same when working with multiple terminals.


3 Responses to “Passwordless MySQL root account in shared hosting”

Talk to the hosting company and get them to sponsor you a co-hosted package for your discovery… :D

I blogged about this actually because I was frustrated when I got no reply from the hosting company after reporting this to them, though there was not even a mention of getting free hosting whatsoever in the email. At least not yet :)

As an update, the problem is still there.

