Steve Folly wrote:


On 9 Jan 2004, at 22:43, Michael Stassen wrote:

As [EMAIL PROTECTED] and [EMAIL PROTECTED] are separate entries in the user table, each with its own password and privileges, they are 2 separate root accounts from mysql's perspective. You could choose to think of them as the same account by keeping their settings the same, or you could choose to think of them as separate root accounts, possibly with separate settings. You could, for example, give root fewer privs when connecting externally than via localhost. Many people, myself included, eliminate [EMAIL PROTECTED] altogether, so that the root user can only connect from localhost, or replace the % with something more limiting (say [EMAIL PROTECTED]). Ask yourself which IPs should be allowed to administer mysql as root and act accordingly.


How does MySQL decide which entry to use when authenticating?

This is documented in the manual <http://www.mysql.com/doc/en/Connection_access.html>. The basic idea is that mysql sorts the user table from most specific to least, with host taking precedence over user.


E.g. if you've two host entries; one '192.%' and the other '192.168.%' - and you connect from 192.168.100.12, which row gets chosen?

As I understand it, 192.168.% is more specific than 192.%, so 192.168.100.12 would match 192.168.%


Perhaps it's the more exact match? i.e. 192.168.%

That's my understanding.


But what if there isn't a more exact match... i.e. choose between '192.%' or '%.168.%'

Well, I can't imagine why you would put %.168.% in for host. If you did, I think 192.% would be more specific than %.168.%, but the manual is unclear on that. I suppose you could try it and see.


What if there are two entries - 'localhost' and '127.0.0.1' ?

To mysql, those are not the same. localhost is a unix socket connection, 127.0.0.1 is a TCP/IP connection. So,


mysql -u username -p

would connect as [EMAIL PROTECTED], but

mysql -h 127.0.0.1 -u username -p

would connect as [EMAIL PROTECTED]

Michael



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
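
As an added illustration (not part of the message above and not MySQL's own code), this Python sketch models the selection rule the reply describes: rows are sorted by host specificity first, then by user, and the first matching row wins. The sample rows are constructed, and ranking wildcard hosts by the length of the literal prefix before the first wildcard is an assumption, since the reply notes the manual is unclear on that case.

```python
import re

# Constructed sample (user, host) rows; not taken from any real server.
USER_TABLE = [
    ("root", "%"),
    ("root", "localhost"),
    ("root", "127.0.0.1"),
    ("app", "192.%"),
    ("app", "192.168.%"),
    ("", "192.168.100.12"),  # anonymous user on an exact host
]

def host_regex(pattern):
    """Translate a host pattern (% = any run, _ = any one char) into a regex."""
    body = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                   for c in (pattern or "%"))  # empty host also means any host
    return re.compile(body + r"\Z", re.IGNORECASE)

def host_rank(host):
    """Lower sorts first: literals, then wildcard patterns, then empty host."""
    if host == "":
        return (2, 0)
    wild = [i for i, c in enumerate(host) if c in "%_"]
    if not wild:
        return (0, 0)
    # ASSUMPTION: a longer literal prefix before the first wildcard is
    # treated as more specific; the reply says the manual is unclear here.
    return (1, -wild[0])

def sorted_rows(rows):
    """Host takes precedence over user; a blank user sorts after a named one."""
    return sorted(rows, key=lambda r: (host_rank(r[1]), r[0] == ""))

def match_row(rows, user, client_host):
    """Return the first row, in sorted order, matching both host and user."""
    for row_user, row_host in sorted_rows(rows):
        if host_regex(row_host).match(client_host) and row_user in ("", user):
            return (row_user, row_host)
    return None

if __name__ == "__main__":
    for user, host in [("app", "192.168.100.12"), ("root", "localhost"),
                       ("root", "127.0.0.1"), ("root", "10.0.0.5")]:
        print(f"{user}@{host} -> {match_row(USER_TABLE, user, host)}")
```

Because host outranks user, the anonymous row on the exact host is chosen for `app` connecting from 192.168.100.12, and only the `root`/`%` row admits root from 10.0.0.5, which is the entry the reply suggests removing or narrowing.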


