ambari-issues mailing list archives

From "Doroszlai, Attila (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-20949) Securing the root account for mysql shouldn't be an advanced feature
Date Sat, 20 May 2017 07:31:04 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-20949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Doroszlai, Attila updated AMBARI-20949:
---------------------------------------
    Component/s:     (was: ambari-sever)
                 ambari-server

> Securing the root account for mysql shouldn't be an advanced feature 
> ---------------------------------------------------------------------
>
>                 Key: AMBARI-20949
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20949
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.4.2
>         Environment: *
>            Reporter: Kat Petre
>
> Ambari server does a nice job at installing the internal mysql db and creating the service [i.e: hive] databases in a secure manner. 
> ```
> [noobie@hdp-2 ~]: mysql -uhive
> ERROR 1045 (28000): Access denied for user 'hive'@'localhost' (using password: NO)
> ```
> However, the mysql root account is wide open. 
> ```
> [noobie@hdp-2 ~]: mysql -uroot
> Welcome to the MySQL monitor.  Commands end with ; or \g.
> ```
> In the spirit of secure by default, it would be nice if the installer prompted the users to secure their mysql root password, without needing to go into advanced configurations. 

> Might also want to send users a gentle reminder they should manually secure their mysql database, if they used the default settings.
> CVSS would classify this as "important impact" https://access.redhat.com/security/updates/classification

> For what it's worth, securing mysql is relatively painless. 
> https://dev.mysql.com/doc/refman/5.7/en/mysql-secure-installation.html



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
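
An added example, not part of the original message or of the Ambari project: a check that lists the accounts able to log in without a password, which is the condition the report shows for root. It assumes the MySQL 5.7 `mysql.user` columns `plugin` and `authentication_string`; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Flag MySQL accounts that accept a login with no password.
# Assumption: MySQL 5.7 column names. MySQL 5.6 and earlier keep the
# hash in mysql.user.Password, so the query needs adjusting there.

# Only the hash length is selected, so no credential material leaves the server.
AUDIT_SQL="SELECT user, host, plugin, LENGTH(IFNULL(authentication_string,'')) FROM mysql.user"

# Reads tab-separated rows (user, host, plugin, hash_length) on stdin and
# prints user@host for every account that can log in without a password.
find_passwordless() {
  awk -F'\t' '
    # Socket plugins authenticate by OS user, so an empty hash is expected there.
    $3 == "auth_socket" || $3 == "unix_socket" { next }
    $4 == 0 {
      user = ($1 == "" ? "<anonymous>" : $1)
      printf "%s@%s\n", user, $2
    }
  '
}

# Hypothetical wrapper for a live server; connection options are passed
# through, e.g. audit_server -uroot -p
audit_server() {
  mysql --batch --skip-column-names "$@" -e "$AUDIT_SQL" | find_passwordless
}

# Constructed sample rows in the shape the query returns.
sample_rows() {
  printf 'root\tlocalhost\tmysql_native_password\t0\n'
  printf 'root\thdp-2\tmysql_native_password\t0\n'
  printf 'hive\tlocalhost\tmysql_native_password\t41\n'
  printf '\tlocalhost\tmysql_native_password\t0\n'
  printf 'backup\tlocalhost\tauth_socket\t0\n'
}

# Demo on the constructed rows; no database connection is needed.
sample_rows | find_passwordless
```

Any line this prints is an account to give a password or drop; the `hive` row stays silent because it has a hash set, and the socket-authenticated row is skipped because it is tied to an OS user.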
