Home >Database >Mysql Tutorial >MYSQL删除匿名用户的方法(提高安全性)_MySQL

MYSQL删除匿名用户的方法(提高安全性)_MySQL

WBOY
WBOYOriginal
2016-06-01 13:23:071873browse

bitsCN.com 安装完MySQL以后会自动创建一个root用户和一个匿名用户,对于root大家都非常注意,而这个匿名用户很多人都会忽略,大概是因为匿名用户默认设定为只能在本地使用的缘故吧。

  但如果MySQL要作为数据库提供给Web服务器使用的话,忽略这个匿名用户的代价可能相当惨重。因为在默认设置下,这个匿名用户在localhost上几乎拥有和root一样的权限。很可能因为访问者上传一个PHP文件,用这个PHP文件创建一个新用户,并给他一个较高的权限,然后用这个新用户连接到服务器的MySQL,对该服务器的MySQL进行管理。

  删除命令如下:


  MySQL>UPDATE user set password=PASSWORD('your password') where user='';
  MySQL>FLUSH PRIVILEGES;


mysql中删除匿名用户详细步骤如下:

[root@sample ~]#mysql -u root -p ← 通过密码用root登录
Enter password: ← 在这里输入密码

Welcome to the MySQL monitor. Commands end with ; or /g.
Your MySQL connection id is 7 to server version: 4.1.20

Type 'help;' or '/h' for help. Type '/c' to clear the buffer.

mysql>select user,host from mysql.user;  ← 查看用户信息
+------+----------------------------+
| user | host         |
+------+----------------------------+
|   | localhost       |
| root | localhost       |
|   | sample.centospub.com |
| root | sample.centospub.com  |
+------+----------------------------+
4 rows in set (0.02 sec)

mysql> delete from mysql.user where user='';  ← 删除匿名用户
Query OK, 2 rows affected (0.17 sec)

mysql> select user,host from mysql.user;  ← 查看用户信息
+------+----------------------------+
| user | host         |
+------+----------------------------+
| root | localhost      |
| root | sample.centospub.com |
+------+----------------------------+
2 rows in set (0.00 sec)

mysql> exit  ← 退出MySQL服务器
ByebitsCN.com

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn