mysql root password plain text setup.txt

Hello Directadmin support,

How safe/unsafe is it to have setup.txt display in plain text, the mysql root password ?

Thanks !

The DirectAdmin forums are not an official support forum. You might want to contact them directly.

Here's my take on it: it all depends where you keep it. Of course a local exploit could find it, but generally it's kept far away from anywhere a web browser can find.

While I don't especially like it, I can't see a different way to easily keep it on the server.

Any other comments?

Jeff

Thanks Jeff, You feel the same way we do about it We're thinking of changing it to something else. Does any script or application make refference to this file ? In other words, if we change mysqlroot password to something other than what it indicates in that file, will we break any DA related processes that you know of ?

Nothing in da uses mysql. Its only required in /usr/local/directadmin/conf/mysql.conf for setting up and removing database for the users.

And it probably only needs the grant, add database, remove database privileges.

I always change my mysql root pass after setting up anyways.