Blank users/passwords
This is a discussion on Blank users/passwords within the MySQL General forum forums, part of the MySQL category; --> I'm a new MySQL DBA taking over admin duties for an existing MySQL nonclustered 4.1 installation. It has 6 ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-28-2008, 07:02 AM
| ||||
| ||||
 Blank users/passwords I'm a new MySQL DBA taking over admin duties for an existing MySQL nonclustered 4.1 installation. It has 6 small user databases. So in the mysql database, I run the query Select host, user, password from user; Which returns the following: +---------------------+-----------------+------------------------------- ------------+ | host | user | password | +---------------------+-----------------+------------------------------- ------------+ | localhost | root | (long hex string) | | localhost network name | root | | | localhost network name | | | | localhost | | (long hex string) | | localhost | one_user | (long hex string) | | % | one_user | (long hex string) | | % | root | (long hex string) | | localhost | two_user | (long hex string) | | IP address x | one_user | (long hex string) | | IP address y | one_user | | +---------------------+-----------------+------------------------------- ------------+ Does this mean that: 1. Line 2 above: root can log in with a blank password from (localhost network name)? 2. Line 3 above: A blank user/password can be used to log in from (localhost network name)? 3. Line 4 above: A blank user can be used to log in from localhost, but a password has been specified? 4. Line 10 above: User "one-user" can be used to log in from IP address y with a blank password? Or am I reading this incorrectly?      |
|
02-28-2008, 07:02 AM
| |||
| |||
| Re: Blank users/passwords Garris, Nicole wrote: > I'm a new MySQL DBA taking over admin duties for an existing MySQL > nonclustered 4.1 installation. It has 6 small user databases. So in the > mysql database, I run the query > > Select host, user, password from user; > > Which returns the following: > > > > +---------------------+-----------------+------------------------------- > ------------+ > > | host | user | password > | > > +---------------------+-----------------+------------------------------- > ------------+ > > | localhost | root | (long hex string) > | > > | localhost network name | root | > | > > | localhost network name | | > | > > | localhost | | (long hex string) > | > > | localhost | one_user | (long hex string) > | > > | % | one_user | (long hex string) > | > > | % | root | (long hex string) > | > > | localhost | two_user | (long hex string) > | > > | IP address x | one_user | (long hex string) > | > > | IP address y | one_user | > | > > +---------------------+-----------------+------------------------------- > ------------+ > > > > Does this mean that: > > 1. Line 2 above: root can log in with a blank password from (localhost > network name)? yes > > 2. Line 3 above: A blank user/password can be used to log in from > (localhost network name)? yes > > 3. Line 4 above: A blank user can be used to log in from localhost, but > a password has been specified? I believe mysql requires a username when a password is supplied But in logic that does not follow rules ;-) ... yes > > 4. Line 10 above: User "one-user" can be used to log in from IP address > y with a blank password? yes > > > > Or am I reading this incorrectly? > > |
|
02-28-2008, 07:02 AM
| |||
| |||
| Re: Blank users/passwords Hi, On Dec 10, 2007 4:51 PM, Garris, Nicole <Nicole.Garris@dof.ca.gov> wrote: > I'm a new MySQL DBA taking over admin duties for an existing MySQL > nonclustered 4.1 installation. It has 6 small user databases. So in the > mysql database, I run the query > > Select host, user, password from user; > > Which returns the following: > > > > +---------------------+-----------------+------------------------------- > ------------+ > > | host | user | password > | > > +---------------------+-----------------+------------------------------- > ------------+ > > | localhost | root | (long hex string) > | > > | localhost network name | root | > | > > | localhost network name | | > | > > | localhost | | (long hex string) > | > > | localhost | one_user | (long hex string) > | > > | % | one_user | (long hex string) > | > > | % | root | (long hex string) > | > > | localhost | two_user | (long hex string) > | > > | IP address x | one_user | (long hex string) > | > > | IP address y | one_user | > | > > +---------------------+-----------------+------------------------------- > ------------+ > > > > Does this mean that: > > 1. Line 2 above: root can log in with a blank password from (localhost > network name)? > > 2. Line 3 above: A blank user/password can be used to log in from > (localhost network name)? > > 3. Line 4 above: A blank user can be used to log in from localhost, but > a password has been specified? > > 4. Line 10 above: User "one-user" can be used to log in from IP address > y with a blank password? Blank password means "no password." Blank username means "anonymous user." I would get rid of the anonymous users, whose permissions can invisibly attach themselves to every user (though they will never show up in SHOW GRANTS), and definitely set passwords for everyone. It looks like you're running an installation with default privileges. I'd also look into mysql.host and delete anything that doesn't look like it's specific to your installation. (There is rarely/never a reason for an entry in this table anyway.) |
|
02-28-2008, 07:02 AM
| ||||
| ||||
| Re: Blank users/passwords 1)the user you have connected with does not have permissions to the table 2)you have not yet connected to the DB containing users table easily solved by connect mysql and rerun query Viel Gluck/Buena Suerte Martin-- ----- Original Message ----- Wrom: LYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMY To: <mysql@lists.mysql.com> Sent: Monday, December 10, 2007 4:51 PM Subject: Blank users/passwords I'm a new MySQL DBA taking over admin duties for an existing MySQL nonclustered 4.1 installation. It has 6 small user databases. So in the mysql database, I run the query Select host, user, password from user; Which returns the following: +---------------------+-----------------+------------------------------- ------------+ | host | user | password | +---------------------+-----------------+------------------------------- ------------+ | localhost | root | (long hex string) | | localhost network name | root | | | localhost network name | | | | localhost | | (long hex string) | | localhost | one_user | (long hex string) | | % | one_user | (long hex string) | | % | root | (long hex string) | | localhost | two_user | (long hex string) | | IP address x | one_user | (long hex string) | | IP address y | one_user | | +---------------------+-----------------+------------------------------- ------------+ Does this mean that: 1. Line 2 above: root can log in with a blank password from (localhost network name)? 2. Line 3 above: A blank user/password can be used to log in from (localhost network name)? 3. Line 4 above: A blank user can be used to log in from localhost, but a password has been specified? 4. Line 10 above: User "one-user" can be used to log in from IP address y with a blank password? Or am I reading this incorrectly? |
 |
« MySQL give me the following error:Do you already have another
|
Weird behavior with date(null) and if »
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 07:20 PM.
