Can arbitrary code run in a server if someone's know just the MySQL password?

[Antoon Pardon]

Op 02-10-13 14:20, Νίκος schreef:
> Tim delaney said:
> 
> "Because there's no chance with the brilliance you display that there
> could be any possibility of login details being kept in plaintext in
> your database.
> 
> And of course your database is so well locked down that no attacker with
> a login to it could then execute arbitrary code on your system.
> 
> And there's also zero chance that your personal account login details
> are also available in plaintext somewhere that you're unaware of."
> ==========
> 
> Is it possible for someone that knows the MYSQL password of a server to
> run arbitrary code on a linux server?
> 
> Okey he uses the password and he gain access to the databases, then
> what? MySQL is a database server how can he run run arbitrary shell
> commands by using MySQL?
> 
> If yes, can you give an example please?
> 
> Also, is there a chance for my account's password to be retrieved on
> some why due to MySQL access or perhaps by utilizing my own python code?
> 
> I'm just trying to figure out how the upload of that .html file happened
> to '/home/nikos/public_html'. I need a theory and Zero Piraeus to answer
> too.
> 
> Please, serious replies only, i won't answer to ironic comments or jokes.

You are not asking a python question. This is a python list. Not a
Nikos advise board. Find a list where your question is more appropiate.

-- 
Antoon Pardon