[snowwolf]

I think the point the parent is trying to make is why allow options 1-3 (disable protected mode) at all? Why not require only option 4 to accept non localhost connections?

Although that doesn’t stop someone setting up an install script with a “default” password that becomes known.

[awinder]

Taking a cursory glance you can find a lot of articles on — exposed MySQL / Postgres servers being infected when they run with weak / default passwords. Exposing your db servers beyond the private network is the problem, kudos for trying to support people, but trying to secure open dbs on the net will always be a cat & mouse game.

[twic]

That was my point, yes. And my strange suggestion about having an additional server-generated secret was an attempt to secure even servers with weak passwords.