The anonymous account IS a security risk and should be deleted as soon as you are capable of managing "real" logins. It's basically there to let newbie administrators get up to speed with as few problems as possible. Now that you are comfortable with the MySQL privileges, dump it and hope it never comes back... ;-)
http://dev.mysql.com/doc/mysql/en/Default_privileges.html Shawn Green Database Administrator Unimin Corporation - Spruce Pine Rusty Wright <[EMAIL PROTECTED]> wrote on 08/25/2004 04:35:07 PM: > Date: Wed, 25 Aug 2004 19:30:04 +0300 > To: [EMAIL PROTECTED] > From: Egor Egorov <[EMAIL PROTECTED]> > Subject: Re: anonymous localhost user in mysql user grant table > > "rusty" <[EMAIL PROTECTED]> wrote: > > > What's the purpose of the entry in the user table where it has > > host='localhost' and user='' (blank) and all of the permissionsset to N? > > You may want to look at > > http://dev.mysql.com/doc/mysql/en/Privilege_system.html > > and > > http://dev.mysql.com/doc/mysql/en/User_Account_Management.html > > I have read them and just now re-read them in case I overlooked > anything. The only place where I find anything specific about the > anonymous user is section 5.5.8, "causes of access denied errors", but > it only explains an effect from the existence of the anonymous user, > not why the account was set up by the mysql_install_db program. > > I didn't find anything related to my original question, "is this some > sort of security safety net and it would be dangerous to delete it? > Or is it an example of setting up an anonymous locahost user and it's > safe to delete it?" > > I'm trying to understand the purpose of the anonymous account; is it > needed specifically in order to run a more secure mysql server, does > it help prevent break-ins, etc.? > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] >
