[转帖]MySQL默认配置存在空ROOT密码
发表于 : 2007-07-24 21:33
代码: 全选
lee@LF824-alice:~$ mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.38-Ubuntu_0ubuntu1-log Ubuntu 7.04 distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> set password for 'root'@'localhost'=password('123456');
Query OK, 0 rows affected (0.00 sec)
mysql>
http://www.xfocus.net/vuls/200208/2996.html详细描述
MySQL是开放源代码关系数据库。
Microsoft Windows/GNU Linux下的数据库默认安装其ROOT密码为空,结合可以任意远程主机连接数据库漏洞,可导致远程用户以ROOT用户空密码连接远程数据库。
测试代码
无
解决方案
使用如下方法关闭默认帐户:
DELETE FROM mysql.user;
GRANT ALL PRIVILEGES ON *.* TO user@localhost
IDENTIFIED BY 'password' WITH GRANT OPTION;
相关信息
Mike Bommarito <g0thm0g@attbi.com>
参考:http://online.securityfocus.com/archive/1/288105
相关主页:http://www.mysql.com/