I gave the same password to user "root" and user "bhaselto", using the statements: UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='root'; UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='bhaselto'; (using the real password instead of 'xxxxxxxx', of course). The 'user' table shows them as having the same scrambled password: mysql> select Host, User, Password from user; +-----------------------+----------+------------------+ | Host | User | Password | +-----------------------+----------+------------------+ | localhost | root | xxxxxxxxxxxxxxxx | | localhost.localdomain | root | xxxxxxxxxxxxxxxx | | localhost | | | | localhost.localdomain | | | | localhost | bhaselto | xxxxxxxxxxxxxxxx | +-----------------------+----------+------------------+ 5 rows in set (0.00 sec) (where 'xxxxxxxxxxxxxxxx' represents the scrambled password, and is *the same* in all three places -- I've obfuscated it here even though I still can't see how you could break into someone's account knowing only the scrambled password, since it's non-reversible). However, only user "root" appears to have a non-blank password. If I try "mysql -u root" from the command line, I can't log in, and instead I have to enter "mysql -u root -p" and then type the 'xxxxxxxx' password when prompted. This is expected. But when I try to log in as "bhaselto", I can type "mysql -u bhaselto" and log right in with no password. If I type "mysql -u bhaselto -p" and then get prompted for a password, I have to hit Enter (submitting a blank password) to log in. I tried stopping and starting the mysql service but it didn't help. Why does mysql not ask for a password for user "bhaselto"? Related question: if I try accessing the database using the DBI perl module, then: >>> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost", 'root', # username 'xxxxxxxx', # password {'RaiseError' => 1 } ); >>> connects *succesfully*. However, this code: >>> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost", 'bhaselto', # username 'xxxxxxxx', # password {'RaiseError' => 1 } ); >>> fails with the error: >>> DBI->connect(database=menagerie;host=localhost) failed: Access denied for user: 'bhaselto@localhost' (Using password: YES) at dbdtest.pl line 5 >>> And this code: >>> my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost", 'bhaselto', # username '', # password {'RaiseError' => 1 } ); >>> (i.e. using a blank password for user "bhaselto") fails with the error: >>> DBI->connect(database=menagerie;host=localhost) failed: Access denied for user: '@localhost' to database 'menagerie' at dbdtest.pl line 5 >>> So, if the password for user "bhaselto" really is blank, why didn't the second example work? And, for that matter, in the second example, it was the *password* that was blank, not the *username* -- so why did the error message refer to "user: '@localhost'"? It seems like it should have referred to "user: 'bhaselto@localhost'" since I did give the username as bhaselto. Thanks very much to anyone who can help me sort this out! :) -Bennett [EMAIL PROTECTED] http://www.peacefire.org (425) 649 9024 --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php