-
a security problem
Hi!
My probmlem is that everybody can connect to my mysql-server if you connect with user='' and pass=''.
In the table 'user', column 'User' there are no empty entries, so i cann't understand it.
If you need more information about my mysql-server etc. please tell me.
please help
Nedo
-
Read through this article that explains some basic MySQL security concepts.
It could be that you forgot to flush the privileges after you modified the user tables.
Cheers
-
hmm... but i didn't forget to flush privileges...
-
This is weird then. Most people have trouble loggin in - not like you ;)
Question I would ask now is:
Was it a custom compile or did you use a binary? Did you restart the server? What version of MySQL is it?
I suggest you contact MySQL directly with all the info above - it sounds like a bug in the version you have.
Cheers
-
now i know what the problem is: i have a user called "odbc" with no pass and host is '%', and if i login with user='' and pass='' it automatically makes a login as user 'odbc'... i don't know why it happens but i know that this is the problem :)
-
I haven't worked with ODBC yet, but I wonder - is this the default for the client you use? In the end it still was a problem as I addressed it in the article I wrote. You must define an admin user, set the 'Host' value and use a strong password.
Interesting none the less.
Cheers
-
but i use a software which uses the data from mysql but doesn't support username and pass at connections :)
the software runs only on one pc, so i just have to set the host...
-
The default user on Windows PC's when you connect to MySQL without a user is ODBC.
-