avatar
anonymous login in mysql?# Database - 数据库
j*y
1
Hi, all:
In setting up the password for the root user, I have used the command
DELETE FROM user WHERE Host='localhost' AND User='';
It is used to delete the anonymous users, and prevent them from logging in.
Yet, when I use "mysql -u abc" to login, it still can be successful.
Haven't I deleted the anonymous users from the user tables? I have checked my
user table again, only "root" and "mysql" are present. No other users in the
table.
Then how can user "abc" to log in?
thanks for any suggestions
avatar
L*t
2
To add a user, first log in as root
shell> mysql -u root -p
Then you can add new users by issuing GRANT statements:
mysql> GRANT ALL PRIVILEGES ON *.* TO [email protected]
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO [email protected]"%"
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT RELOAD,PROCESS ON *.* TO [email protected];
mysql> GRANT USAGE ON *.* TO [email protected];
avatar
j*y
3
thanks, but my question is: how to prevent anonymous users from logging in.
any further suggestions?

【在 L**********t 的大作中提到】
: To add a user, first log in as root
: shell> mysql -u root -p
: Then you can add new users by issuing GRANT statements:
: mysql> GRANT ALL PRIVILEGES ON *.* TO [email protected]
: -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
: mysql> GRANT ALL PRIVILEGES ON *.* TO [email protected]"%"
: -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
: mysql> GRANT RELOAD,PROCESS ON *.* TO [email protected];
: mysql> GRANT USAGE ON *.* TO [email protected];

avatar
l*u
4
By default mysql allows local user (from localhost) to login
without password. These users can only use database "test".
I don't know how to disable it. An easy way is to delete
database "test", thus anonymous user can do few things.
Digging the manual of mysql, you might find way to disable
anonymous login.

【在 j***y 的大作中提到】
: thanks, but my question is: how to prevent anonymous users from logging in.
: any further suggestions?

avatar
L*t
5
After you logged in as root, did you try the following?
mysql> use mysql
mysql > delete from user where user = "";
Try this to see if it works or not.

【在 j***y 的大作中提到】
: thanks, but my question is: how to prevent anonymous users from logging in.
: any further suggestions?

avatar
j*y
6
yes, i did it.
thanks for your suggestion.
i've got the answer.
the anonymous users can't be forbidden to login completely, because mysql is
designed to let them user the "test" database, or the database start with
"test_".
i have logged in as an anonymous user, and try the command "use xxx;" (xxx is
the database name except for "test" or "test_*"). and i got an access denied
error message, this confirms that anonymous users can only operate on the
"test" databases, and that's secure enough.
tha

【在 L**********t 的大作中提到】
: After you logged in as root, did you try the following?
: mysql> use mysql
: mysql > delete from user where user = "";
: Try this to see if it works or not.

相关阅读
logo
联系我们隐私协议©2024 redian.news
Redian新闻
Redian.news刊载任何文章,不代表同意其说法或描述,仅为提供更多信息,也不构成任何建议。文章信息的合法性及真实性由其作者负责,与Redian.news及其运营公司无关。欢迎投稿,如发现稿件侵权,或作者不愿在本网发表文章,请版权拥有者通知本网处理。