Note that it's easy to retrieve table names with read access to the
"information_schema" database in MySQL, so in order to gain the full
advantage of changing table prefixes, one should also block the MySQL user
from accessing "information_schema".
Ulf
On Mon, Jul 1, 2013 at 8:21 PM, Dom Latter <bitfolk-users@???> wrote:
> On 08/06/13 13:25, Ian wrote:
>
> BWPS makes a big fuss about changing the database prefix for example.
>> But if someone has access to the database, you're stuffed regardless.
>>
>
> I'm a bit late but I just thought I'd comment here - it may be no use
> at all against a real attacker but the greatest threat to most wordpress
> sites comes from scripted attacks - which may well assume a default
> wp_ prefix. Because it works (for the attacker) well enough.
>
> To avoid getting eaten by the lion, you don't have to run faster than
> the lion, just faster than the people around you.
>
> So anything that might make a scripted attack give up and move on to
> the next target is an effective security measure.
>
>
> ______________________________**_________________
> users mailing list
> users@???
> https://lists.bitfolk.com/**mailman/listinfo/users<https://lists.bitfolk.com/mailman/listinfo/users>
>
