Yes, thank you, everybody's comments have been helpful.
It seems, as Roel has noted, that the user where user='' and host='localhost'
has all kinds of privileges. Which explains why when I log in as simply
'mysql' without specifying a particular user, then I have omnipotent powers.

delete from user
where user=''
and host='localhost';

Now this does the trick!
(I will note however, that this is NOT plainly described in the MySQL
installation and setup. I only found it after searching in about 5 different
locations. Even then, the significance of this 'empty' user was not well
impressed upon me. The documentation could be more clear on this VERY
important fact.)

Thanks everyone!



Roel Van den Bergh wrote:

> The problem is you only changed the password for the user 'root'
> and didn't provide a password for 'anonymous' login or disable it
> therefore any login can alter anything
> be sure to fully read the section on security and you'll find an answer to
> your security leak
>
> btw after dropping table 'user' I think you might have to reinstall MySQL
> :-)
>
> Also NB, Roel
>
> -----Original Message-----
> From: Bryan Capitano [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 10 January 2002 8:51
> To: [EMAIL PROTECTED]
> Subject: setting root psswd on Win2K ??
>
> Having some problems setting root password on MySQL. Can anybody help
> me?
>
> I've just installed MySQL 3.23.38 on a Windows 2000 server.
> I'm following the directions in the documentation for setting the root
> password:
>
> >mysql -u root mysql
> mysql>UPDATE user
> mysql>SET password=password('mynewpass')
> mysql>WHERE user='root';
> mysql>FLUSH PRIVILEGES;
>
> okay, all seemed fine. now if I log out and log back as plain old nobody:
>
> >mysql
> mysql>use mysql;
> mysql>drop table user;
> okay 1 table affected.................
>
> How come just anybody can log into my MySQL server and start dropping
> tables
> in the mysql database?? This shouldn't be right. What have I done wrong?
>
> Either I have a serious mis-understanding or something is seriously not
> right here.
>
> Thanks for any help!
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail
> <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

--
CAPITANO WEb CONSULTING
http://www.capitanoweb.com
Bryan R. Capitano
cell (541)760.6288
home (541)929.5060
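
An audit-and-cleanup sequence for the anonymous account discussed in this thread, as an added example that is not part of the original messages. It assumes the classic grant-table layout of MySQL 3.23 (mysql.user with Host, User, Password and the *_priv columns; mysql.db with Host, Db, User) and goes beyond the single host='localhost' row by covering anonymous rows for every host.

```sql
-- Added example. Run as an account that can read and modify the
-- mysql database (for instance root, after its password is set).

-- 1. List accounts that have no user name (anonymous) or no password,
--    together with the privileges that made the DROP TABLE possible.
SELECT Host, User,
       IF(User = '', 'anonymous', 'named') AS account_type,
       IF(Password = '', 'EMPTY', 'set')   AS password_state,
       Select_priv, Delete_priv, Drop_priv, Grant_priv, File_priv
FROM mysql.user
WHERE User = '' OR Password = ''
ORDER BY Host, User;

-- 2. List database-level rows that apply to anonymous users.
--    These grant access even after the global row is gone.
SELECT Host, Db, User
FROM mysql.db
WHERE User = '';

-- 3. Remove the anonymous rows for every host, not only 'localhost'.
DELETE FROM mysql.user WHERE User = '';
DELETE FROM mysql.db   WHERE User = '';

-- 4. Direct edits to the grant tables are only picked up after a
--    reload of the privilege tables.
FLUSH PRIVILEGES;

-- 5. Re-check. Any row still returned is a named account with an
--    empty password, which needs a password or removal.
SELECT Host, User
FROM mysql.user
WHERE User = '' OR Password = '';
```

After step 4, connecting with no user name from a fresh client session should be refused.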


