[nycphp-talk] September Talk
inforequest
1j0lkq002 at sneakemail.com
Tue Aug 16 17:19:44 EDT 2005
Peter Sawczynec ps-at-pswebcode.com |nyphp dev/internal group use| wrote:
>E.g.: kudos to MySQL for their most recent installer that clearly enjoins a
>password on root before deployment.
>
>Why are installs by default too insecure and users have to stumble onto the
>secure methods after the fact? Why not install locked down and let users
>stumble onto the loosening methods after the fact?
>
>Peter
>
>
Because it is desired to have new users functional and appreciative of
the system immediately, so they can see the good, and what
differentiates the product from other options which are likely already
professionally installed and configured on site.
I suspect the looseness of default security is proportional to the rate
of adoption by new technology users. Loose defaults = more initial
adoption, strict defaults = more dropped users. I also suspect MySQL's
imposing a default root pw has more to do with their lessened need to
accommodate new users now that they are "established", than the call for
increased default security. As many can attest, a strong root pw on a
fresh install of MySQL does not a secure environment make.
-=john andrews
www.seo-fun.com