severity 301741 normal
thanks
Hello Hilko
On 2005-03-28 Hilko Bengen wrote:
> It appears to me as if a host entry with wildcard user was checked
> before a user entry with a wildcard host. This might make perfect
> sense, but I fail to see the reason why the two wildcard users are
> there in the first place.
No, AFAIK your initial connect is checked against the `user` table.
But in your `db` table you have probably a '%' or '' in the `host`
column and in such cases there will an extra check against the `host`
table. The exact algorithm is explaint here
http://dev.mysql.com/doc/mysql/en/connection-access.html
> Please consider removing the two wildcard accounts from the default
> installation.
I already filed a bug at bugs.mysql.com and asked them to install no
default users. Until now I didn't want to change the default setup
as this might be unexpected but will take a look again if I can't modify
the database creation script to atleast no install them initially.
(Mostly because we had have a couple of security bugs that only needed
a valid access to the database in the last months)
bye,
-christian-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
