You forgot to "flush privileges"
Bennett Haselton wrote:
> I gave the same password to user "root" and user "bhaselto", using the
> statements:
>
> UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='root';
> UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='bhaselto';
>
> (using the real password instead of 'xxxxxxxx', of course). The 'user'
> table shows them as having the same scrambled password:
>
> mysql> select Host, User, Password from user;
> +-----------------------+----------+------------------+
> | Host | User | Password |
> +-----------------------+----------+------------------+
> | localhost | root | xxxxxxxxxxxxxxxx |
> | localhost.localdomain | root | xxxxxxxxxxxxxxxx |
> | localhost | | |
> | localhost.localdomain | | |
> | localhost | bhaselto | xxxxxxxxxxxxxxxx |
> +-----------------------+----------+------------------+
> 5 rows in set (0.00 sec)
>
> (where 'xxxxxxxxxxxxxxxx' represents the scrambled password, and is *the
> same* in all three places -- I've obfuscated it here even though I still
> can't see how you could break into someone's account knowing only the
> scrambled password, since it's non-reversible).
>
> However, only user "root" appears to have a non-blank password. If I
> try "mysql -u root" from the command line, I can't log in, and instead I
> have to enter "mysql -u root -p" and then type the 'xxxxxxxx' password
> when prompted. This is expected. But when I try to log in as
> "bhaselto", I can type
> "mysql -u bhaselto"
> and log right in with no password. If I type "mysql -u bhaselto -p" and
> then get prompted for a password, I have to hit Enter (submitting a
> blank password) to log in. I tried stopping and starting the mysql
> service but it didn't help. Why does mysql not ask for a password for
> user "bhaselto"?
>
> Related question: if I try accessing the database using the DBI perl
> module, then:
> >>>
> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
> 'root', # username
> 'xxxxxxxx', # password
> {'RaiseError' => 1 }
> );
> >>>
>
> connects *succesfully*. However, this code:
> >>>
> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
> 'bhaselto', # username
> 'xxxxxxxx', # password
> {'RaiseError' => 1 }
> );
> >>>
>
> fails with the error:
> >>>
> DBI->connect(database=menagerie;host=localhost) failed: Access denied
> for user: 'bhaselto@localhost' (Using password: YES) at dbdtest.pl line 5
> >>>
>
> And this code:
> >>>
> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
> 'bhaselto', # username
> '', # password
> {'RaiseError' => 1 }
> );
> >>>
>
> (i.e. using a blank password for user "bhaselto") fails with the error:
> >>>
> DBI->connect(database=menagerie;host=localhost) failed: Access denied
> for user: '@localhost' to database 'menagerie' at dbdtest.pl line 5
> >>>
>
> So, if the password for user "bhaselto" really is blank, why didn't the
> second example work? And, for that matter, in the second example, it
> was the *password* that was blank, not the *username* -- so why did the
> error message refer to "user: '@localhost'"? It seems like it should
> have referred to "user: 'bhaselto@localhost'" since I did give the
> username as bhaselto.
>
> Thanks very much to anyone who can help me sort this out! :)
>
> -Bennett
>
> bennett@stripped http://www.peacefire.org
> (425) 649 9024
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <mysql-thread82124@stripped>
> To unsubscribe, e-mail
> <mysql-unsubscribe-gerald_clark=suppliersystems.com@stripped>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
--
Gerald L. Clark
gerald_clark@stripped
