down and dirty with mysql
Do not try this at home.
Just use 'sed' to change data stored inside a running mysql db. And it worked too. Saw the change data come through within a few seconds. Wonder what the internal mysql process did when it realised that data on the filesystem had changed from what it had in cache. Although there is a good chance that no such test exists inside mysql to start with.
Scary thing is, this whole process worked. Which also means, in case you havent caught on yet, is that its possible to change users passwords and change data stored on file off the command line. Not sure why this surprises me, considering myisam tables are just flat files on disk. Still. Something to think about.
Selinux would help here.
- KB
7 comments
My sed job changed data for about a million rows, and had nothing to do with password mash'ing.
The privilege system is cached, on the other hand. If you changed the privilege tables manually or through mysql (rather than using grant statements), you wouldn't see any changes until someone executed Flush Privileges or restarted MySQL.
Typically only root or mysql can read or update the MySQL datastore, and if either of these users is compromised, you're toast anyway.
I was about to say that it probably didn't but you beat me to it.
"Although there is a good chance that no such test exists inside mysql to start with."
I am not surprised in the least. MySQL is such a piece of junk.
People, if you need a FOSS RDBMS, please use PostgreSQL. It makes everyone's life better. Thanks.
that sounds a bit extreme. While pgsql could potentially be a better all roun db, I think mysql definitely has its place.
29/Mar/2009 07:22:53 pm, 