June 9th, 2004, 12:22 AM
securing mysql 3.x
im running a small message board with mysql 3 and php 4. apparently anybody can connect to the database as root using the -h <hostname> flag unless i change my root password. i checked google and mysql.com for the syntax for password changing on mysql 4 but i havent found anything that works. first of all, it never requires me to enter a username or password when i get on the command line. second, when i try to change the password with this command(which i think is the right one):
it says "OK, blah, blah", but the password is still "nothing". i need to change the password and make it enforce it. anybody know how to do this on mysql 3? also, i was wondering, if im behind a firewall that blocks inbound connections on port 3306(mysql) im pretty safe anyway. also, could someone with no sql experience use phpmyadmin to access my database remotely without me having phpmyadmin installed on my server, cuz i have a friend who claims to be messing with the database, but i dont know how he could be since he doesnt even know what a select statement is...
set password for 'root' = 'mypass';"
June 9th, 2004, 12:29 AM
Have you tried this as well?
MySQL Manual Page for SET PASSWORD
SET PASSWORD FOR root@"localhost"=PASSWORD("password");
June 9th, 2004, 12:46 AM
that worked for changing the password, but if i get on by just executing "mysql" and not "mysql -u root -p" it just lets me on with root accesss. how can i make it check for a password always?
June 9th, 2004, 09:26 AM
MySQL Manual Page on GRANT and DELETE. Take a read through this and particularly near the botton.
Have you thought about upgrading to 4?
June 9th, 2004, 02:48 PM
thanx, i think this will help