| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <297153223.20041231194702@x-project.net> From: swolf at x-project.net (Sascha Wolf) Subject: MySQL and the user "su" Dear Tom Crimmins, am Freitag, 31. Dezember 2004 um 17:42 schrieben Sie: > [snip] > I have today determined that I can connect to a local MySQL-server per > "mysql -usu". I regard that to error, can that someone confirm? > [/snip] > This is not an error. You should by default be able to connect with any user > from localhost, but you will not have privileges to do anything else. This > is because the mysql install by default sets up permissions this way. You > could verify this yourself by connecting as root, and executing the > following query: > SELECT * FROM mysql.user; > The row that applies in this case is the one with Host='localhost' and > User=''. You can delete this row if you do not want this behavior. You must > do a "flush privileges;" after deleting the row. > --- > Tom Crimmins > Interface Specialist > Pottawattamie County, Iowa Ok one if I the user deletes, I can't no more connection. But for what MySQL puts on this user at all, if he is not used? I think that is a securitybug to be evaluated. -- Mit freundlichen Gr??en Sascha Wolf mailto:swolf@...roject.net -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1294 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041231/888b7de8/smime.bin
Powered by blists - more mailing lists