I was presented with an argument to the tune of "you don't need a strong mysql user password because in order to use it, they'd already have access to your server." We're talking about a 4 digit password that is a standard english dictionary word on a live business website.
Without influencing the answers with my own knowledge and experience, I'd like to show them some responses from a disinterested 3rd party source. Anyone care to chime in on this one? Programming / practical answers would be appreciated.
Whoever was making this argument seems to be saying "Once someone has their foot in the door, you might as well give them complete access". By that logic, a firewall negates the need for all passwords on your internal network.
Strong passwords are one step towards limiting the damage done by network intrusion. There's no reason to throw your hands up in defeat just because one small part of your network was compromised.
It really goes back to the idea of 'Defense in Depth' so at least a strong password could slow them down so that you can discover and block them. I like the analogy of having a single key for a gated community vs. a key on the door of every house.
It depends a lot on how your MySQL server is setup. If it only accepts requests off of the home (127.0.0.1) ip, that does make it moderately more secure.
Given a scenario where you allow remote IPs it becomes a much bigger deal.
In addition to that, it's always good to have strong security in case of intrusion - better that they walk away with as little as possible.
Is there a lock on the Petty Cash box in Accounting? If so, why? Doesn't the building have physical security?
This isn't true, because mysql can also be used in cross-network client-server enviroment, and by default the only thing you need is user/pass to gain access to the database (offcourse, with 3306 port opened and server publicly visible).
Indeed it can be the other way : if they have access to mysql, they could be able to access the server OS itself.
If someone gets root access to your server, then they won't need any MySQL password. But if they can only execute apps on your server as a non-root and non-web user, then a strong MySQL password can still save your data. But yeah, most hacks come from the web, that means the hacker will get access to your web account and can therefore extract the DB password from PHP files.
All of this assuming your MySQL server is not accepting connections from anywhere but localhost. If it does then you need a strong PW.
Something that seems to have been overlooked here is, do you trust your users on the trusted network?
Frankly, I don't, because I know what I was like when I was starting out in IT. I would poke and prod in areas that I had no right to, and frankly a weak MySQL password would have been a delight to me as I would have taken a pot-luck chance and got in and I could have wreaked havock (by accident, of course).
What if someone uses social engineering to get onto your trusted network? Then what do you do? If they're on a machine behind the firewall them blammo, your rock-solid firewall security is ruined and they're straight into the machine.
Strong passwords are so simple to do and there's a lot of password management tools to make keeping the passwords secure easy, so there's really no excuse for not doing it.
Eh. If your server is IP locked, and your user is restricted to SELECT on a set of tables where you don't care about the information, it's not a huge deal.
On the other hand, I set my MySQL passwords by whacking on the keyboard for a minute, and copy pasting the resulting gibberish into a protected file, which I reference in my code whenever I need to log in. This is how it should work.
Why make it easy? If the password is attached to a limited local account (as they all should be), then why are you typing it in? If it's not, it should have a password whose strength is relative to the value of the data you're protecting.
mySQLs account/access information is stored in a separate file from the actual databases. Thus you can simply drag and drop a different file into its place. With mySQL if they have write access to the relevant part of your filesystem the game is over.