List: General Discussion
From: Michael Stassen
Date: March 3 2004 7:51pm
Subject: Re: Question on root access
Kieran Kelleher wrote:

> Here is the user, host and password fields from one of my MySQL servers 
> named TestServer
> 
> mysql> select user, host, password from user;
> +------------+------------+------------------+
> | user       | host       | password         |
> +------------+------------+------------------+
> | root       | localhost  | hekw8838hdd8938d |
> | root       | TestServer |                  |
> |            | localhost  |                  |
> |            | TestServer |                  |
> | root       | 192.%      | hekw8838hdd8938d |
> +------------+------------+------------------+
> 6 rows in set (0.03 sec)
> 
> The first and last entries were created by me and are fine.
> 
> The 3rd and fourth are default entries which block everyone access (all 
> the privileges are 'N' for those).
> 
> But what about the second entry? I did not create it .... is it a 
> security risk since it has no password? I tested it to be sure and 
> cannot even log in on the local machine using the host parameter 
> 'TestServer'....

The first four entries were created by default (mysql_install_db), and 
you followed the directions to set a password for the first one.  The 
second entry says root can connect via tcp *from* the machine with 
hostname TestServer with no password.  Presumably, TestServer is (or 
was) the hostname of your machine.

> TestServer:~ admin$ mysql -u root -h TestServer -p

Here you try to connect via tcp *to* the mysql server on the machine 
with hostname TestServer.

> Enter password:
> ERROR 2005: Unknown MySQL Server Host 'TestServer' (1)
> TestServer:~ admin$

Apparently, TestServer is not running mysqld, or couldn't be found.  I'd 
guess a DNS lookup on TestServer failed to retrieve an IP.

> Does the mysql daemon use this particular one for access??

Since root can connect from localhost (line 1) and from any machine on 
the local net (192.%, line 5), you can safely remove the root@TestServer 
user.  It is my impression that most people also remove the two 
anonymous users (lines 3 and 4).

Michael
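
Added example, not part of the original message or of MySQL itself: a small Python audit that parses the `select user, host, password from user` output pasted in this thread (with or without `> ` quoting) and flags the two kinds of account discussed above, anonymous users and accounts with an empty password. The function names are hypothetical, and the `DROP USER` statement form is an assumption about the server version; on older servers the same rows were deleted from `mysql.user` followed by `FLUSH PRIVILEGES`.

```python
# Added example: audit pasted output of
#   select user, host, password from user;
SAMPLE = """\
+------------+------------+------------------+
| user       | host       | password         |
+------------+------------+------------------+
| root       | localhost  | hekw8838hdd8938d |
| root       | TestServer |                  |
|            | localhost  |                  |
|            | TestServer |                  |
| root       | 192.%      | hekw8838hdd8938d |
+------------+------------+------------------+
"""  # table copied from the thread above

def parse_table(text):
    """Return the rows of a mysql-client ASCII table as dicts keyed by header."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate e-mail quoting
        if not (line.startswith("|") and line.endswith("|")):
            continue  # borders, prompts, "N rows in set" footer
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows

def audit(rows):
    """Flag anonymous accounts and accounts that need no password."""
    findings = []
    for r in rows:
        issues = []
        if r["user"] == "":
            issues.append("anonymous user")
        if r["password"] == "":
            issues.append("empty password")
        if issues:
            findings.append((r["user"], r["host"], issues))
    return findings

def drop_statements(findings):
    """Candidate cleanup statements, for review before running (assumed form)."""
    q = lambda s: "'" + s.replace("'", "''") + "'"
    return ["DROP USER %s@%s;" % (q(u), q(h)) for u, h, _ in findings]

if __name__ == "__main__":
    for user, host, issues in audit(parse_table(SAMPLE)):
        print("%r@%r: %s" % (user, host, ", ".join(issues)))
    print("\n".join(drop_statements(audit(parse_table(SAMPLE)))))
```
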

