|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
10/12/2007, 22h51
|
#1 |
Messages: n/a
Hébergeur: |
Blank users/passwords
I'm a new MySQL DBA taking over admin duties for an existing MySQL
nonclustered 4.1 installation. It has 6 small user databases. So in the mysql database, I run the query Select host, user, password from user; Which returns the following: +---------------------+-----------------+------------------------------- ------------+ | host | user | password | +---------------------+-----------------+------------------------------- ------------+ | localhost | root | (long hex string) | | localhost network name | root | | | localhost network name | | | | localhost | | (long hex string) | | localhost | one_user | (long hex string) | | % | one_user | (long hex string) | | % | root | (long hex string) | | localhost | two_user | (long hex string) | | IP address x | one_user | (long hex string) | | IP address y | one_user | | +---------------------+-----------------+------------------------------- ------------+ Does this mean that: 1. Line 2 above: root can log in with a blank password from (localhost network name)? 2. Line 3 above: A blank user/password can be used to log in from (localhost network name)? 3. Line 4 above: A blank user can be used to log in from localhost, but a password has been specified? 4. Line 10 above: User "one-user" can be used to log in from IP address y with a blank password? Or am I reading this incorrectly? |
|
|
10/12/2007, 23h09
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: Blank users/passwords
Hi,
On Dec 10, 2007 4:51 PM, Garris, Nicole <Nicole.Garris@dof.ca.gov> wrote: > I'm a new MySQL DBA taking over admin duties for an existing MySQL > nonclustered 4.1 installation. It has 6 small user databases. So in the > mysql database, I run the query > > Select host, user, password from user; > > Which returns the following: > > > > +---------------------+-----------------+------------------------------- > ------------+ > > | host | user | password > | > > +---------------------+-----------------+------------------------------- > ------------+ > > | localhost | root | (long hex string) > | > > | localhost network name | root | > | > > | localhost network name | | > | > > | localhost | | (long hex string) > | > > | localhost | one_user | (long hex string) > | > > | % | one_user | (long hex string) > | > > | % | root | (long hex string) > | > > | localhost | two_user | (long hex string) > | > > | IP address x | one_user | (long hex string) > | > > | IP address y | one_user | > | > > +---------------------+-----------------+------------------------------- > ------------+ > > > > Does this mean that: > > 1. Line 2 above: root can log in with a blank password from (localhost > network name)? > > 2. Line 3 above: A blank user/password can be used to log in from > (localhost network name)? > > 3. Line 4 above: A blank user can be used to log in from localhost, but > a password has been specified? > > 4. Line 10 above: User "one-user" can be used to log in from IP address > y with a blank password? Blank password means "no password." Blank username means "anonymous user." I would get rid of the anonymous users, whose permissions can invisibly attach themselves to every user (though they will never show up in SHOW GRANTS), and definitely set passwords for everyone. It looks like you're running an installation with default privileges. I'd also look into mysql.host and delete anything that doesn't look like it's specific to your installation. (There is rarely/never a reason for an entry in this table anyway.) |
|
|
|
10/12/2007, 23h14
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: Blank users/passwords
Garris, Nicole wrote:
> I'm a new MySQL DBA taking over admin duties for an existing MySQL > nonclustered 4.1 installation. It has 6 small user databases. So in the > mysql database, I run the query > > Select host, user, password from user; > > Which returns the following: > > > > +---------------------+-----------------+------------------------------- > ------------+ > > | host | user | password > | > > +---------------------+-----------------+------------------------------- > ------------+ > > | localhost | root | (long hex string) > | > > | localhost network name | root | > | > > | localhost network name | | > | > > | localhost | | (long hex string) > | > > | localhost | one_user | (long hex string) > | > > | % | one_user | (long hex string) > | > > | % | root | (long hex string) > | > > | localhost | two_user | (long hex string) > | > > | IP address x | one_user | (long hex string) > | > > | IP address y | one_user | > | > > +---------------------+-----------------+------------------------------- > ------------+ > > > > Does this mean that: > > 1. Line 2 above: root can log in with a blank password from (localhost > network name)? yes > > 2. Line 3 above: A blank user/password can be used to log in from > (localhost network name)? yes > > 3. Line 4 above: A blank user can be used to log in from localhost, but > a password has been specified? I believe mysql requires a username when a password is supplied But in logic that does not follow rules ;-) ... yes > > 4. Line 10 above: User "one-user" can be used to log in from IP address > y with a blank password? yes > > > > Or am I reading this incorrectly? > > |
|
|
|
10/12/2007, 23h17
|
#4 |
|
Messages: n/a
Hébergeur: |
Re: Blank users/passwords
1)the user you have connected with does not have permissions to the table
2)you have not yet connected to the DB containing users table easily solved by connect mysql and rerun query Viel Gluck/Buena Suerte Martin-- ----- Original Message ----- Wrom: LYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMY To: <mysql@lists.mysql.com> Sent: Monday, December 10, 2007 4:51 PM Subject: Blank users/passwords I'm a new MySQL DBA taking over admin duties for an existing MySQL nonclustered 4.1 installation. It has 6 small user databases. So in the mysql database, I run the query Select host, user, password from user; Which returns the following: +---------------------+-----------------+------------------------------- ------------+ | host | user | password | +---------------------+-----------------+------------------------------- ------------+ | localhost | root | (long hex string) | | localhost network name | root | | | localhost network name | | | | localhost | | (long hex string) | | localhost | one_user | (long hex string) | | % | one_user | (long hex string) | | % | root | (long hex string) | | localhost | two_user | (long hex string) | | IP address x | one_user | (long hex string) | | IP address y | one_user | | +---------------------+-----------------+------------------------------- ------------+ Does this mean that: 1. Line 2 above: root can log in with a blank password from (localhost network name)? 2. Line 3 above: A blank user/password can be used to log in from (localhost network name)? 3. Line 4 above: A blank user can be used to log in from localhost, but a password has been specified? 4. Line 10 above: User "one-user" can be used to log in from IP address y with a blank password? Or am I reading this incorrectly? |
|
|
 |
| Outils de la discussion | |
|
|
