MySQL remote access problem
I quite like being able to use my own tools to edit my website database, MySQL Query Browser rather than phpMyAdmin (although both are powerful tools). I was concerned today when I logged in that I got not only my own list of MySQL databases, but also everyone else’s!
A quick chat with Web Hosting UK‘s support, notifying them of my security concerns led to it being quickly dealt with – although no information was given for the cause.
A couple of things stood out in the conversation:
- Passwords
After telling the first support person that I wasn’t comfortable giving out my account login details, I was instantly transferred to someone else who asked the same thing (twice). I can understand them wanting to test the problem out on their end, but I still don’t like the idea of tech support people asking for account usernames and passwords over unencrypted channels – I don’t even know who I’m talking to apart from a first name. - Names
This was quite odd – the two “Technical Support” people I spoke to both used female first names (Karen and Nicole). Not to say that women can’t be technical, I just find it surprising to find two women in tech support. The other conclusion is that the names are chosen as a psychological factor with the clients.
The issue is fixed and I’ll check every now and again before my trial period is up to see if it resurfaces. If it does, I wonder if Emma, Lucy or Sharon will ask me for my password.