具有空主机名的MySQL用户
作者:互联网
在MySQL 5.6服务器上,mysql.user表包含一个空主机名(‘jdoe’@”)的用户.那是什么意思?
解决方法:
名称为joe的用户可以从任何主机连接.
请注意07000
在第498段第9段的要点中说:
On Unix, MySQL comes with a mysql_secure_installation script that can
perform several helpful security-related operations on your
installation. The script has the following capabilities:
- Set a password for the root accounts
- Remove any remotely accessible root accounts.
- Remove the anonymous user accounts. This improves security because
it prevents the possibility of anyone connecting to the MySQL server
as root from a remote host. The results is that anyone who wants to
connect as root must first be able to log in on the server host, which
provides an additional barrier against attack.- Remove the test database (If you remove the anonymous accounts, you
might also want to remove the test database to which they have
access).
该用户需要立即删除.
简单地跑
DELETE FROM mysql.user WHERE host='';
FLUSH PRIVILEGES;
试试看 !!!
更新2017-02-01 17:07 EST
根据Access Control, Stage 2: Request Verification上的MySQL文档
A ‘%’ or blank Host value means “any host.”
这适用于所有级别的拨款.
标签:mysql-5-6,mysql,permissions 来源: https://codeday.me/bug/20190806/1596491.html