Hi Dan,
By default 2 anonymous user accounts are setup in the mysql database. You will
have to delete them first. you should find that you can login with any name
(except the specified ones) without password. This will probably allow you to
view the databases f.e. with "SHOW DATABASES;", but you shouldnt be able to
insert, update or delete anything. Anyway to view your user name to this:
mysql> SELECT user();
It will show you as what you are logged in (username and host).
Use
mysql> SELECT current_user();
to see which mysql privilege account you are currently using.
http://www.mysql.com/doc/en/Miscellaneous_functions.html
You will have to delete the annonymous user accounts like this:
mysql> use mysql;
mysql> DELETE FROM mysql.user WHERE User='';
mysql> FLUSH PRIVILEGES;
Than you will be fine and you should be able to log in with any anonymous user
accounts. ;-)
Best regards
Nils Valentin
Tokyo/Japan
2003年 7月 3日 木曜日 06:18、Dan Ullom さんは書きました:
> I recently stumbled onto the ability to log into a mysql server from the
> command line with any table name, and a blank password. ie: mysql -u mysql
> My root account has a password set, and a few users with limited access but
> I haven't done much else as far security goes. I've tried this on a 3.23
> and 4.0 mysql server running on RedHat and FreeBSD. Is there a setting I
> need to change to stop this?
>
> Thanks in advance,
> Dan Ullom
--
---
Valentin Nils
Internet Technology
E-Mail: nils@stripped
URL: http://www.knowd.co.jp
Personal URL: http://www.knowd.co.jp/staff/nils
