HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

MySQL user with empty hostname

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
withuseremptymysqlhostname

Problem

On a MySQL 5.6 server, the mysql.user table contains an user with an empty hostname ('jdoe'@''). What does that mean?

Solution

User whose name is joe can connect from any host.

Please note what MySQL 5.0 Certification Study Guide

say in its bulletpoints on Page 498 Paragraph 6:


On Unix, MySQL comes with a mysql_secure_installation script that can
perform several helpful security-related operations on your
installation. The script has the following capabilities:



  • Set a password for the root accounts



  • Remove any remotely accessible root accounts.



  • Remove the anonymous user accounts. This improves security because


it prevents the possibility of anyone connecting to the MySQL server
as root from a remote host. The results is that anyone who wants to
connect as root must first be able to log in on the server host, which
provides an additional barrier against attack.

  • Remove the test database (If you remove the anonymous accounts, you


might also want to remove the test database to which they have
access).


That user needs to be removed immediately.

Simply run

DELETE FROM mysql.user WHERE host='';
FLUSH PRIVILEGES;


GIVE IT A TRY !!!

UPDATE 2017-02-01 17:07 EST

According to the MySQL Documentation on Access Control, Stage 2: Request Verification


A '%' or blank Host value means “any host.”

This is applicable at all levels of grants.

Code Snippets

DELETE FROM mysql.user WHERE host='';
FLUSH PRIVILEGES;

Context

StackExchange Database Administrators Q#162333, answer score: 6

Revisions (0)

No revisions yet.