[EROS-Arch] Re: [E-Lang] installing bugzilla

[Ben Laurie]

"Jonathan S. Shapiro" wrote:
> 
> Pardon off-topic post...
> 
> Does anybody on these lists have experience installing bugzilla? We're
> concerned about getting the security set right for mysql. The default
> mysql installation leaves the entire system wide open and vulnerable.

If only local access is required, we usually turn off mysql's TCP
altogether and use the Unix domain socket instead. If the Java interface
doesn't support Unix domain sockets, I believe you can bind the TCP
socket to localhost only (but note our recent BUGTRAQ advisory about the
ability to route to localhost over a network!).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

ApacheCon 2001! http://ApacheCon.com/