My MySQL root query boo boo

Yeah, this is pretty much an entry for nerdly types but the gist is this: too much power can be bad. Georgy Boy learned that from the Supremes today as did I at work. I was helping a co-worker setup an environment so he could start development on a new website. Part of this process involves setting up the proper access to a database. Since I had the all-powerful root password I connected and set him up a database and user to go with. I also had to assign that user a password in the form a query. Can anyone tell me what's wrong with the following?

UPDATE users SET password = password('iwonttell')

And that's it. Yeah, I know. Bad move Mr. Root. Well, this little devil of a statement is nearly as bad as just plain deleting everything. What it did was change all the passwords for every user to the same thing. I didn't specify exactly for which user I wanted to change the password so it applied it to all 120+ users in that particular database. Now, fortunately, this was our development box and no live sites whatsoever were effected but, boy, was I feeling stupid. It didn't take long to fix but is still a solid reminder to a) back shit up and b) check your head before wielding your power. One misstep can be costly.

posted Jun 29, 2006 under mysql, sql query, update  


← Prev Post Next Post →


Related Posts

Recently

Sign In