Re: Possible Bug in mysql 3.23.38

Fri, 15 Jun 2001 17:18:22 -0700 

PLEASE read the manual.  you need to 

set password = password('SomeJunk')

And the bug report form can be obtained by running mysqlbug, the instructions 
for which are also found in the manual.

Thank you.

j----- k-----

On Friday 15 June 2001 13:08, Simon Shapiro wrote:
> Could not find a bug report form.  So I am telling y'll...
>
> Platform:  FreeBSD 4.3 (I do not think it matters)
>
> After creating a new database, I ran:
>
> update user set password = 'SomeJunk' where user = 'root';
>
> This inserts the string 'SomeJunk' literally into the database,
> unencrypted.  This is SQL expected but the result is a database
> lockout (not to mention the security breach of having the clear
> password stored in a file.
>
> I got the smart idea to assign a root password like this from the
> Bugzilla-Guide.txt file that comes with Bugzilla.
>
> If there is a better way to assign passwords, please let me know.
>
> I tried
>
> grant all on mysql.* to foo identified by bar;
>
> Seems to work for creating new accounts.
>
> Also, the user table looks like:
>
> mysql> select host, user, password from user;
> +-----------+---------+------------------+
>
>  | host       | user     | password         |
>
> +-----------+---------+------------------+
>
> | localhost | root    | 7d30d6e5796d165e |
> | nomis     | root    | 7d30d6e5796d165e |
> | localhost |         |                  |
> | nomis     |         |                  |
> | localhost | ShimonR | 7d30d6e5796d165e |
>
> +-----------+---------+------------------+
> 5 rows in set (0.00 sec)
>
> Does this mean that any user from localhost or from nomis can connect?
>
> Otherwise, this is really nice (my first first hand encounter with mysql).

-- 
Joshua Kugler, Information Services Director
Associated Students of the University of Alaska Fairbanks
[EMAIL PROTECTED], 907-474-7601

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to