On 8/18/2014 6:45 PM, Ken Tanzer wrote:
> Thanks. I'm not really worried about this particular vulnerability,
> just wondering about the more general idea that having db user name =
> os user could reduce your security, even if only slightly. Is it just
> as conceivable that a vulnerability could come along that was more
> exploitable only if the two names were _different_?
what I read on that vunerability, it was talking about dbuser == dbname,
not os user. and frankly, I didn't get their rationale for that.
--
john r pierce 37N 122W
somewhere on the middle of the left coast