Hi Dan,
By default 2 anonymous user accounts are setup in the mysql database. You will have to delete them first. you should find that you can login with any name (except the specified ones) without password. This will probably allow you to view the databases f.e. with "SHOW DATABASES;", but you shouldnt be able to insert, update or delete anything. Anyway to view your user name to this: mysql> SELECT user(); It will show you as what you are logged in (username and host). Use mysql> SELECT current_user(); to see which mysql privilege account you are currently using. http://www.mysql.com/doc/en/Miscellaneous_functions.html You will have to delete the annonymous user accounts like this: mysql> use mysql; mysql> DELETE FROM mysql.user WHERE User=''; mysql> FLUSH PRIVILEGES; Than you will be fine and you should be able to log in with any anonymous user accounts. ;-) Best regards Nils Valentin Tokyo/Japan 2003年 7月 3日 木曜日 06:18、Dan Ullom さんは書きました: > I recently stumbled onto the ability to log into a mysql server from the > command line with any table name, and a blank password. ie: mysql -u mysql > My root account has a password set, and a few users with limited access but > I haven't done much else as far security goes. I've tried this on a 3.23 > and 4.0 mysql server running on RedHat and FreeBSD. Is there a setting I > need to change to stop this? > > Thanks in advance, > Dan Ullom -- --- Valentin Nils Internet Technology E-Mail: [EMAIL PROTECTED] URL: http://www.knowd.co.jp Personal URL: http://www.knowd.co.jp/staff/nils -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
