While working on MySQL recently, I ran into a serious problem I had never noticed before: anonymous users!!!
When you try to log in as root:
mysql -u root -p
Enter password:
You eagerly type in the password, only to get:
Access denied for user 'root'@'localhost' (using password: YES)
!!!!! So you dig through all the big blogs, which tell you to reset the password and so on:
The method from the web:
# /etc/init.d/mysqld stop
# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
# mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD('newpassword') where USER='root';
mysql> FLUSH PRIVILEGES;
mysql> quit
# /etc/init.d/mysqld restart
# mysql -uroot -p
Enter password: <enter the new password, newpassword>
After using the method above you think, heh, that was a small case after all, but...
Access denied for user 'root'@'localhost' (using password: YES)
!!!! Damn, this makes no sense!!
At this point, if you try the following:
mysql -u root
mysql>
and you magically get in, then all I can say is, try this:
show grants;
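You find that you only have USAGE. Poor souls, you can look but not touch. You will notice that everything you do is done as ''@'localhost'. See it? The user name is empty: it is an anonymous user!!!
What you need to do now: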
# /etc/init.d/mysqld stop
# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
Then open a new terminal and run:
mysql
Then:
mysql> select user,host from mysql.user;
You will find several rows whose user is empty. All this time you have been logging in as the anonymous user!
So you:
mysql> delete from mysql.user where user='';
to delete all the anonymous users.
Then restart mysql.
And then....
mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Run show grants again now and you will see GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD!
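
Why the anonymous rows shadow root, as an added example that is not from the original post: MySQL sorts mysql.user with the most specific host first and authenticates against the first matching row only, so ''@'localhost' wins over 'root'@'%' for a local connection. The sample rows, the host name db1.example.internal and the function names are constructed, and the matching is a simplified model of that sort order.

```python
# Added example: simplified model of how MySQL picks the mysql.user row for a login.
# SAMPLE_ROWS is constructed: root exists only as 'root'@'%', anonymous rows remain.
import fnmatch

SAMPLE_ROWS = [  # (host, user, has_password)
    ("%", "root", True),
    ("localhost", "", False),
    ("db1.example.internal", "", False),  # hypothetical host name
]

def host_rank(host):
    """Lower sorts first: literal host, then pattern, then '%', then ''."""
    if host in ("", "%"):
        return 3 if host == "" else 2
    return 1 if "%" in host else 0

def sorted_rows(rows):
    # Most-specific host first; for equal hosts a named user beats the blank user.
    return sorted(rows, key=lambda r: (host_rank(r[0]), r[0], r[1] == ""))

def host_matches(pattern, client_host):
    if pattern == "":
        return True
    # Only the '%' wildcard is modelled ('_' is ignored in this sketch).
    return fnmatch.fnmatchcase(client_host.lower(), pattern.lower().replace("%", "*"))

def match_account(rows, client_user, client_host):
    """Return the first row in sorted order that matches host and user."""
    for host, user, has_pw in sorted_rows(rows):
        if host_matches(host, client_host) and user in ("", client_user):
            return host, user, has_pw
    return None

def login(rows, client_user, client_host, sent_password):
    """sent_password=True is assumed to mean root's correct password was typed."""
    row = match_account(rows, client_user, client_host)
    if row is None:
        return "denied: no matching row"
    host, user, has_pw = row
    # Only the first matching row is checked; there is no fallback to later rows.
    if has_pw != sent_password:
        return "denied (matched '%s'@'%s')" % (user, host)
    return "ok as '%s'@'%s'" % (user, host)

if __name__ == "__main__":
    no_anon = [r for r in SAMPLE_ROWS if r[1] != ""]
    for rows, pw in ((SAMPLE_ROWS, True), (SAMPLE_ROWS, False), (no_anon, True)):
        print(login(rows, "root", "localhost", pw))
```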