[LON-CAPA-admin] Two significant MySQL security holes
Scott Harrison
sharrison at users.sourceforge.net
Mon Sep 23 11:39:24 EDT 2002
Dear Carmine:
Have you set a root password? Try: mysql -u root (without the -p flag)
If that does not work, here is a quote from the MySQL manual:
(The mysql manual is in /usr/share/doc/mysql-*/manual.html.)
-- beginquote --
If you get an error like the following:
shell> mysqladmin -u root -pxxxx ver
Access denied for user: 'root@localhost' (Using password: YES)
It means that you are using a wrong password. See section 4.3.6
Setting Up Passwords. If you have forgotten the root password, you
can restart mysqld with --skip-grant-tables to change the password. You can
find more about this option later on in this manual section.
-- endquote --
The commands would generally be something like:
shell> /etc/rc.d/init.d/mysqld stop
shell> BINDIR/safe_mysqld --skip-grant-tables &
shell> BINDIR/mysql -u root mysql
mysql> SET PASSWORD FOR root@localhost = PASSWORD('SOMETHINGDIFFICULTTOGUESS');
mysql> quit
shell> killall safe_mysqld
shell> /etc/rc.d/init.d/mysqld restart
Then, "mysql -u root -p" should work with the password you set.
> > > Fix #2 - Revoke privileges to the MySQL 'user' table for user=www.
> > >
> > > mysql -u root -p
> > > mysql> REVOKE ALL PRIVILEGES ON *.* FROM www@localhost;
> > > mysql> GRANT ALL PRIVILEGES ON loncapa.* to www@localhost;
Regards,
Scott
--
Scott Harrison, sharrison at users.sourceforge.net
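
Added example, not part of the original message or of LON-CAPA's own code: a small shell check that reads SHOW GRANTS output for the www account and reports any grant reaching beyond the loncapa database, which is what Fix #2 is meant to remove. The function names (audit_grants, before_fix, after_fix) are hypothetical and the sample grant lines are constructed, not captured from a real server.

```shell
#!/bin/sh
# audit_grants ALLOWED_DB: read SHOW GRANTS output on stdin and report any grant
# that reaches beyond ALLOWED_DB. Prints one FAIL line per finding; returns 0 if clean.
audit_grants() {
    allowed_db=$1
    findings=0
    while IFS= read -r line; do
        case $line in
            GRANT\ *\ ON\ *\ TO\ *) ;;      # only parse GRANT statements
            *) continue ;;
        esac
        privs=${line#GRANT }; privs=${privs%% ON *}
        scope=${line#* ON };  scope=${scope%% TO *}
        scope=$(printf '%s' "$scope" | tr -d '`')   # newer servers quote names
        case $scope in
            '*.*')
                # USAGE means "no privileges"; anything else is server-wide.
                [ "$privs" = USAGE ] && continue
                msg="global privileges" ;;
            mysql.*)
                msg="grant tables" ;;       # the 'user' table lives here
            "$allowed_db".*)
                continue ;;
            *)
                msg="unexpected database" ;;
        esac
        printf 'FAIL %s: %s ON %s\n' "$msg" "$privs" "$scope"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample output (not captured from a real server).
before_fix() { cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'www'@'localhost' IDENTIFIED BY PASSWORD 'constructed-hash'
EOF
}
after_fix() { cat <<'EOF'
GRANT USAGE ON *.* TO 'www'@'localhost' IDENTIFIED BY PASSWORD 'constructed-hash'
GRANT ALL PRIVILEGES ON `loncapa`.* TO 'www'@'localhost'
EOF
}

before_fix | audit_grants loncapa || echo "before Fix #2: www is over-privileged"
after_fix  | audit_grants loncapa && echo "after Fix #2: www is confined to loncapa"
# Live use: mysql -u root -p -N -e "SHOW GRANTS FOR 'www'@'localhost'" | audit_grants loncapa
```

The check covers grant scope only; it does not look at WITH GRANT OPTION or at whether an account has a password set.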