Quote:
Originally Posted by raymor
Most any PHP script will provide enough access, and by default no password is required to log
in to the database. This due to a widely held misconception about how the default account works.
So default MySQL, not secured by someone who knows what they are doing + any popular PHP script = DB publicly available.
Certainly DB access to remote servers (tcp) should be disabled if possible.
|
Care to expand further on the MySQL default account?