I would like to note that bug reports should only be sent out if you are
using the latest version, which now is 3.23.39.
--On Friday, June 15, 2001 17:37 -0600 Chris Bolt <[EMAIL PROTECTED]>
wrote:
>> After creating a new database, I ran:
>>
>> update user set password = 'SomeJunk' where user = 'root';
>>
>> This inserts the string 'SomeJunk' literally into the database,
>> unencrypted. This is SQL expected but the result is a database
>> lockout (not to mention the security breach of having the clear
>> password stored in a file.
>>
>> I got the smart idea to assign a root password like this from the
>> Bugzilla-Guide.txt file that comes with Bugzilla.
>
> I just opened Bugzilla-Guide.txt and it says:
>
> mysql> UPDATE user SET Password=PASSWORD ('new_password') WHERE
> user='root'; mysql> FLUSH PRIVILEGES;
>
> note the PASSWORD('new_password') instead of just 'new_password'
>
>> If there is a better way to assign passwords, please let me know.
>>
>> I tried
>>
>> grant all on mysql.* to foo identified by bar;
>>
>> Seems to work for creating new accounts.
>
> Try
> GRANT ALL PRIVILEGES ON table.* TO user@localhost IDENTIFIED BY
> 'password';
>
> Since in most cases (web server and mysql on same box) you don't need to
> allow users to connect from anywhere. If you want to include a hostname or
> wildcard, put it in '' (like '%.host.com' or just '%')
>
>> Also, the user table looks like:
>>
>> mysql> select host, user, password from user;
>> +-----------+---------+------------------+
>> | host | user | password |
>> +-----------+---------+------------------+
>> | localhost | root | 7d30d6e5796d165e |
>> | nomis | root | 7d30d6e5796d165e |
>> | localhost | | |
>> | nomis | | |
>> | localhost | ShimonR | 7d30d6e5796d165e |
>> +-----------+---------+------------------+
>> 5 rows in set (0.00 sec)
>>
>> Does this mean that any user from localhost or from nomis can connect?
>
> Don't know, but unless they have corresponding rows in another table to
> actually give them privileges, they can't do anything.
>
> I don't have rows like that in my user table so they should be safe to
> delete.
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail
> <[EMAIL PROTECTED]> Trouble
> unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
--
William M. Quarles
Vice Pres, Society of Physics Students
Jr. Warden, Canterbury Episcopal Campus Ministry
James Madison University
[EMAIL PROTECTED]
* This e-mail was sent using Mulberry, JMU's new official e-mail client.
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
