One thing's been bothering me for a while: When I create a user and
database in MySQL, the user always ends up with an extra entry with
host='%' and password=''. How is this happening? This is how I create
a new database and user:
mysql> create database xxx;
Query OK, 1 row affected (0.01 sec)
mysql> insert into user set host='localhost', user='xxx', password=password('yyy');
Query OK, 1 row affected (0.03 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on xxx to xxx;
Query OK, 0 rows affected (0.03 sec)
mysql> grant all privileges on xxx.* to xxx;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,password from user where user='xxx';
+-----------+------+------------------+
| host | user | password |
+-----------+------+------------------+
| % | xxx | |
| localhost | xxx | 66debff13dff1053 |
+-----------+------+------------------+
2 rows in set (0.00 sec)
What did I do wrong to cause these users with blank passwords to be
created (essentially opening me wide to the outside)? My MySQL version
is 3.23.47. It's worked fine after I delete the extra row in the user
table manually, but this could be dangerous to someone who doesn't
notice it!
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
