Question about MySQL root login

Hi Joe,
When the Virtualmin/Webmin Pro is installed, does the MySQL server module access MySQL using the default MySQL root user with no password? To improve security, should we go into the MySQL server module and enter a new password for Virtualmin/Webmin’s MySQL access? And if we enter it there, Virtualmin/Webmin will know to use the new password and not get locked out?

Hey Rick,

Yes, password protecting MySQL is recommended. And Virtualmin/Webmin can easily be configured to use the new password (this can all be done in the Webmin MySQL module).

I think I had briefly toyed with enforcing setting a root password on MySQL, but there were some issues with it. Perhaps I’ll come back to it in the installer during the re-factor that’s planned for whenever I finally get all of the stupid issues with the new website resolved.

I did this on my test server.

I went into
Webmin/MySQL Database Server/Database Connections/root

I changed Password to "Set To" and added a password.

Saved

I lost the connection to the database.
I think it said something about a password was provided for a login
in which it was not allowed.

It prompted for a database login and password.

I provided them.

Webmin is displaying the MySQL databases again, but I notice that if I click on "Database Connections" it says "There are no other database client connections at this time.", which is a little worrisome, since this is different from before, when it listed root with no Password.

I took away root’s password, but the “Database Connections” still says “no client connections”. Is this a problem?

Hi Rick,

You will see something at DATABASE CONNECTIONS only if someone is accessing a mysql database hosted on the server, or accessing a web application (e.g. mysql-based forum) that uses mysql. I suppose if you are looking at your test server, you will naturally see "no client connections".

You can open a 2nd browser window to access Webmin > Servers > MySQL Database Server and browse any of the databases there.

Use your 1st browser window to check DATABASE CONNECTIONS again, and you will see that there is 1 connection, i.e. you.

Thank you ah!

Oddly enough, when I brought up two copies of webmin on the same server, browsed a table with records, in the other webmin it still says "There are no other database client connections at this time". I even tried viewing the forum I had installed from another pc on the network.

Everything works. Nevertheless it makes me a bit uneasy about putting a password on my production server mysql right away.

Hi Ah,
I went ahead and followed your advice and applied the password on my production server.

After setting it I got:

DBI connect failed : Access denied for user ‘root’@‘localhost’ (using password: NO)

And then when I click on the mysql server it prompted for a password and everything was back, except the connection listed in "Database Connections".

Like you said, having it out there with no password seemed too dangerous. So I’ll deal with any real problem once it occurs. But right now the server is otherwise serving the mysql data just fine.

Thanks

No probs, Rick. Having no password for mysql root user is a BIG SECURITY RISK.

The error message is to be expected, simply because your “old” password is no longer valid. Just enter the new password and you’re back on, just as you did. You only need to do it once.

The Database Connections thingy is less important than security.

Hi Rick,

Having or not having a mysql ‘root’ user password has no implication whatsoever on whether you can or cannot see database connections.

You SHOULD DEFINITELY insert a password for mysql ‘root’ user RIGHT NOW! Because anyone can log in to mysql on your server as ‘root’ user and do anything with the mysql databases!

Read:

"Try mysql -u root. If you are able to connect successfully to the server without being asked for a password, anyone can connect to your MySQL server as the MySQL root user with full privileges!"
http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html

"The initial root account passwords are empty, so anyone can connect to the MySQL server as root