FeedTacoma.com - Local blogs, talk, events, photos, videos, Tacomic, and more!


Thu. June 29, 2006, 10:38pm PDT

My MySQL root query boo boo

Yeah, this is pretty much an entry for nerdly types but the gist is this: too much power can be bad. Georgy Boy learned that from the Supremes today as did I at work. I was helping a co-worker set up an environment so he could start development on a new website. Part of this process involves setting up the proper access to a database. Since I had the all-powerful root password I connected and set him up a database and user to go with. I also had to assign that user a password in the form of a query. Can anyone tell me what's wrong with the following?

UPDATE users SET password = password('iwonttell')

And that's it. Yeah, I know. Bad move Mr. Root. Well, this little devil of a statement is nearly as bad as just plain deleting everything. What it did was change all the passwords for every user to the same thing. I didn't specify exactly for which user I wanted to change the password so it applied it to all 120+ users in that particular database. Now, fortunately, this was our development box and no live sites whatsoever were affected but, boy, was I feeling stupid. It didn't take long to fix but is still a solid reminder to a) back shit up and b) check your head before wielding your power. One misstep can be costly.
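The mistake above can be caught mechanically by running the write inside a transaction and rolling back when it touches more rows than intended. This is an added example, not code from the original post: it uses an in-memory SQLite database as a stand-in for the MySQL development box, and `guarded_write`, `TooManyRows` and the 120 sample accounts are hypothetical, constructed for illustration.

```python
import sqlite3

class TooManyRows(Exception):
    """Raised when a write touches more rows than the operator expected."""

def guarded_write(conn, sql, params=(), max_rows=1):
    """Run one UPDATE/DELETE in a transaction; roll back if it hits > max_rows."""
    cur = conn.cursor()
    try:
        cur.execute("BEGIN")
        cur.execute(sql, params)
        affected = cur.rowcount  # read before COMMIT resets it
        if affected > max_rows:
            raise TooManyRows(f"{affected} rows affected, expected <= {max_rows}")
        cur.execute("COMMIT")
        return affected
    except Exception:
        if conn.in_transaction:
            cur.execute("ROLLBACK")  # undo the oversized write
        raise

def demo():
    # Constructed sample data: 120 accounts, each with its own placeholder hash.
    conn = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN ourselves
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(f"user{i}", f"hash{i}") for i in range(120)])
    results = {}
    try:
        # Same shape as the statement in the post: no WHERE clause.
        guarded_write(conn, "UPDATE users SET password = ?", ("newhash",))
    except TooManyRows as exc:
        results["unscoped"] = str(exc)
    # The intended statement, scoped to the one account being set up.
    results["scoped"] = guarded_write(
        conn, "UPDATE users SET password = ? WHERE username = ?",
        ("newhash", "user7"))
    results["changed"] = conn.execute(
        "SELECT COUNT(*) FROM users WHERE password = 'newhash'").fetchone()[0]
    return results

if __name__ == "__main__":
    print(demo())
```

On MySQL itself, the client's `--safe-updates` option (the `sql_safe_updates` session variable) rejects UPDATE and DELETE statements that lack a key-based WHERE or a LIMIT. The rollback approach only works on a transactional storage engine such as InnoDB.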

 

Comments (5)


6/30/2006 @ 7:50am

There's a reason you should only log in as root when absolutely necessary.. and even then you should double check what you're doing, twice :)

by Joel


6/30/2006 @ 8:38am

Yeah -- I got my wake up call today, that's for sure.

by KevinFreitas


6/30/2006 @ 9:50am

That's about as bad as the Unix "rm -rf *" in some directory that you didn't intend to be in while logged in as root. That happened to some admin at work the other day. Talk about shooting yourself in the foot.

by Gavin


6/30/2006 @ 10:00am

Ooh... I once made a pretty devastating query like this one. I recall a particularly unpleasant feeling in my gut. I feel for you.

by Darren Struthers


6/30/2006 @ 10:05am

It's impressive there aren't some controls on queries or commands like these -- it might be a simple thing to have the server just verify before over 100 fields or files or something are affected.

by KevinFreitas
