Results 1 to 9 of 9

Thread: a security problem

  1. #1
    Join Date
    Mar 2003
    Posts
    5

    Angry a security problem

    Hi!

    My probmlem is that everybody can connect to my mysql-server if you connect with user='' and pass=''.
    In the table 'user', column 'User' there are no empty entries, so i cann't understand it.
    If you need more information about my mysql-server etc. please tell me.

    please help


    Nedo

  2. #2
    Join Date
    Feb 2003
    Location
    Johannesburg, South Africa
    Posts
    145
    Read through this article that explains some basic MySQL security concepts.

    It could be that you forgot to flush the privileges after you modified the user tables.

    Cheers

  3. #3
    Join Date
    Mar 2003
    Posts
    5
    hmm... but i didn't forget to flush privileges...

  4. #4
    Join Date
    Feb 2003
    Location
    Johannesburg, South Africa
    Posts
    145
    This is weird then. Most people have trouble loggin in - not like you

    Question I would ask now is:

    Was it a custom compile or did you use a binary? Did you restart the server? What version of MySQL is it?

    I suggest you contact MySQL directly with all the info above - it sounds like a bug in the version you have.

    Cheers

  5. #5
    Join Date
    Mar 2003
    Posts
    5
    now i know what the problem is: i have a user called "odbc" with no pass and host is '%', and if i login with user='' and pass='' it automatically makes a login as user 'odbc'... i don't know why it happens but i know that this is the problem

  6. #6
    Join Date
    Feb 2003
    Location
    Johannesburg, South Africa
    Posts
    145
    I haven't worked with ODBC yet, but I wonder - is this the default for the client you use? In the end it still was a problem as I addressed it in the article I wrote. You must define an admin user, set the 'Host' value and use a strong password.

    Interesting none the less.

    Cheers

  7. #7
    Join Date
    Mar 2003
    Posts
    5
    but i use a software which uses the data from mysql but doesn't support username and pass at connections
    the software runs only on one pc, so i just have to set the host...

  8. #8
    Join Date
    Dec 2002
    Location
    Cape Town, South Africa
    Posts
    75
    The default user on Windows PC's when you connect to MySQL without a user is ODBC.

  9. #9
    Join Date
    Mar 2003
    Posts
    5
    aha... thx

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •