On Feb 25, 2011 8:40 AM, "Aaron Toponce" <aaron.toponce@gmail.com> wrote:
>
> On Fri, Feb 25, 2011 at 12:42:51PM +0100, Sjoerd Hardeman wrote:
> > SQL injecting and web forms will not work for ssh directly, unless
> > you have a very poorly configured apache+mysql-config. Of course
> > there are ways of obtaining someone's password.
>
> Heh. SQL injections can get you all sorts of things. The goal is to get
> into the server via any route possible. If you leave the server open to
> the outside world, disabling root login via ssh isn't granting you any
> security.
>
I'll bite, please explain.