List:General Discussion« Previous MessageNext Message »
From:Gerald Clark Date:August 10 2001 2:08pm
Subject:Re: "root"/"bhaselto" same pwd, but mysql thinks one is blank
View as plain text  
You forgot to "flush privileges"

Bennett Haselton wrote:

> I gave the same password to user "root" and user "bhaselto", using the 
> statements:
> 
> UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='root';
> UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='bhaselto';
> 
> (using the real password instead of 'xxxxxxxx', of course).  The 'user' 
> table shows them as having the same scrambled password:
> 
> mysql> select Host, User, Password from user;
> +-----------------------+----------+------------------+
> | Host                  | User     | Password         |
> +-----------------------+----------+------------------+
> | localhost             | root     | xxxxxxxxxxxxxxxx |
> | localhost.localdomain | root     | xxxxxxxxxxxxxxxx |
> | localhost             |          |                  |
> | localhost.localdomain |          |                  |
> | localhost             | bhaselto | xxxxxxxxxxxxxxxx |
> +-----------------------+----------+------------------+
> 5 rows in set (0.00 sec)
> 
> (where 'xxxxxxxxxxxxxxxx' represents the scrambled password, and is *the 
> same* in all three places -- I've obfuscated it here even though I still 
> can't see how you could break into someone's account knowing only the 
> scrambled password, since it's non-reversible).
> 
> However, only user "root" appears to have a non-blank password.  If I 
> try "mysql -u root" from the command line, I can't log in, and instead I 
> have to enter "mysql -u root -p" and then type the 'xxxxxxxx' password 
> when prompted.  This is expected.  But when I try to log in as 
> "bhaselto", I can type
>     "mysql -u bhaselto"
> and log right in with no password.  If I type "mysql -u bhaselto -p" and 
> then get prompted for a password, I have to hit Enter (submitting a 
> blank password) to log in.  I tried stopping and starting the mysql 
> service but it didn't help.  Why does mysql not ask for a password for 
> user "bhaselto"?
> 
> Related question: if I try accessing the database using the DBI perl 
> module, then:
>  >>>
> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
>     'root', # username
>     'xxxxxxxx', # password
>         {'RaiseError' => 1 }
>     );
>  >>>
> 
> connects *succesfully*.  However, this code:
>  >>>
> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
>     'bhaselto', # username
>     'xxxxxxxx', # password
>         {'RaiseError' => 1 }
>     );
>  >>>
> 
> fails with the error:
>  >>>
> DBI->connect(database=menagerie;host=localhost) failed: Access denied 
> for user: 'bhaselto@localhost' (Using password: YES) at dbdtest.pl line 5
>  >>>
> 
> And this code:
>  >>>
> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
>     'bhaselto', # username
>     '', # password
>         {'RaiseError' => 1 }
>     );
>  >>>
> 
> (i.e. using a blank password for user "bhaselto") fails with the error:
>  >>>
> DBI->connect(database=menagerie;host=localhost) failed: Access denied 
> for user: '@localhost' to database 'menagerie' at dbdtest.pl line 5
>  >>>
> 
> So, if the password for user "bhaselto" really is blank, why didn't the 
> second example work?  And, for that matter, in the second example, it 
> was the *password* that was blank, not the *username* -- so why did the 
> error message refer to "user: '@localhost'"?  It seems like it should 
> have referred to "user: 'bhaselto@localhost'" since I did give the 
> username as bhaselto.
> 
> Thanks very much to anyone who can help me sort this out! :)
> 
>     -Bennett
> 
> bennett@stripped     http://www.peacefire.org
> (425) 649 9024
> 
> 
> ---------------------------------------------------------------------
> Before posting, please check:
>   http://www.mysql.com/manual.php   (the manual)
>   http://lists.mysql.com/           (the list archive)
> 
> To request this thread, e-mail <mysql-thread82124@stripped>
> To unsubscribe, e-mail 
> <mysql-unsubscribe-gerald_clark=suppliersystems.com@stripped>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php


-- 
Gerald L. Clark
gerald_clark@stripped

Thread
"root"/"bhaselto" same pwd, but mysql thinks one is blankBennett Haselton10 Aug
  • Re: "root"/"bhaselto" same pwd, but mysql thinks one is blankGerald Clark10 Aug
    • Re: "root"/"bhaselto" same pwd, but mysql thinks one is blankBennett Haselton10 Aug
  • Re: "root"/"bhaselto" same pwd, but mysql thinks one is blankStefan Hinz12 Aug
    • Error 127 from table handlerMike Tiffee13 Aug
      • RE: Error 127 from table handlerChris Bolt13 Aug