If you can see users with blank names:
mysql> select user, host, password
-> from mysql.user
-> where user = '';
+------+-----------+----------+
| user | host | password |
+------+-----------+----------+
| | localhost | |
+------+-----------+----------+
1 row in set (0.01 sec)
mysql>
These are anonymous users, which allow you to login like this:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
... or this:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u ''
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
... or this:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u anonymous
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
... or this:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u anonymous@localhost
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
If you don’t need them, you can delete them as follows:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u root -p
Enter password: *********
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> select count(*) from mysql.user
-> where user = '';
+----------+
| count(*) |
+----------+
| 1 |
+----------+
1 row in set (0.01 sec)
mysql> delete from mysql.user
-> where user = '';
Query OK, 1 row affected (0.02 sec)
mysql> select count(*) from mysql.user
-> where user = '';
+----------+
| count(*) |
+----------+
| 0 |
+----------+
1 row in set (0.00 sec)
mysql>
At this stage, the anonymous user can still login:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Bye
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u ''
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Bye
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u anonymous
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
To finish the user deletion, you need to run the flush privileges command as root:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u root -p
Enter password: *********
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.5.19 MySQL Community Server (GPL)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> flush privileges;
Query OK, 0 rows affected (0.05 sec)
mysql>
Then the user can no longer login:
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql
ERROR 1045 (28000): Access denied for user 'ODBC'@'localhost' (using password: N
O)
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u ''
ERROR 1045 (28000): Access denied for user ''@'localhost' (using password: NO)
C:\Program Files\MySQL\MySQL Server 5.5\bin>mysql -u anonymous
ERROR 1045 (28000): Access denied for user 'anonymous'@'localhost' (using passwo
rd: NO)
C:\Program Files\MySQL\MySQL Server 5.5\bin>
No comments:
Post a Comment