I gave the same password to user "root" and user "bhaselto", using the
statements:
UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='root';
UPDATE user SET Password=PASSWORD('xxxxxxxx') WHERE user='bhaselto';
(using the real password instead of 'xxxxxxxx', of course). The 'user'
table shows them as having the same scrambled password:
mysql> select Host, User, Password from user;
+-----------------------+----------+------------------+
| Host                  | User     | Password         |
+-----------------------+----------+------------------+
| localhost             | root     | xxxxxxxxxxxxxxxx |
| localhost.localdomain | root     | xxxxxxxxxxxxxxxx |
| localhost             |          |                  |
| localhost.localdomain |          |                  |
| localhost             | bhaselto | xxxxxxxxxxxxxxxx |
+-----------------------+----------+------------------+
5 rows in set (0.00 sec)
(where 'xxxxxxxxxxxxxxxx' represents the scrambled password, and is *the
same* in all three places -- I've obfuscated it here even though I still
can't see how you could break into someone's account knowing only the
scrambled password, since it's non-reversible).
However, only user "root" appears to have a non-blank password. If I try
"mysql -u root" from the command line, I can't log in, and instead I have
to enter "mysql -u root -p" and then type the 'xxxxxxxx' password when
prompted. This is expected. But when I try to log in as "bhaselto", I can
type
"mysql -u bhaselto"
and log right in with no password. If I type "mysql -u bhaselto -p" and
then get prompted for a password, I have to hit Enter (submitting a blank
password) to log in. I tried stopping and starting the mysql service but
it didn't help. Why does mysql not ask for a password for user "bhaselto"?
Related question: if I try accessing the database using the DBI perl
module, then:
>>>
my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
    'root',     # username
    'xxxxxxxx', # password
    {'RaiseError' => 1 }
);
>>>
connects *successfully*. However, this code:
>>>
my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
    'bhaselto', # username
    'xxxxxxxx', # password
    {'RaiseError' => 1 }
);
>>>
fails with the error:
>>>
DBI->connect(database=menagerie;host=localhost) failed: Access denied for
user: 'bhaselto@localhost' (Using password: YES) at dbdtest.pl line 5
>>>
And this code:
>>>
my $dbh = DBI->connect("DBI:mysql:database=menagerie;host=localhost",
    'bhaselto', # username
    '',         # password
    {'RaiseError' => 1 }
);
>>>
(i.e. using a blank password for user "bhaselto") fails with the error:
>>>
DBI->connect(database=menagerie;host=localhost) failed: Access denied for
user: '@localhost' to database 'menagerie' at dbdtest.pl line 5
>>>
So, if the password for user "bhaselto" really is blank, why didn't the
second example work? And, for that matter, in the second example, it was
the *password* that was blank, not the *username* -- so why did the error
message refer to "user: '@localhost'"? It seems like it should have
referred to "user: 'bhaselto@localhost'" since I did give the username as
bhaselto.
Thanks very much to anyone who can help me sort this out! :)
-Bennett
[EMAIL PROTECTED] http://www.peacefire.org
(425) 649 9024