MySQL Deleting Anonymous Accounts security tip

Sep 04, 2010 Author: Developer

When you install MySQL on Windows, it automatically creates some accounts for you. On Linux, this happens when you run the mysql_install_db script. Two of these accounts are anonymous; they represent the account you get when you don't specify a username. One has a host value of localhost and the other % (any other host, so effectively any remote connection). These accounts have no passwords set by default.

You can probably already see where we're going with this, but we strongly recommend that you delete these accounts. You can do this as shown here:

delete from user where User='';
delete from db where User='';

You will need to follow this with a FLUSH PRIVILEGES statement to flush the grant tables.

The second reason to do this is that these accounts can cause confusion when regular users try to log in. If you create an account for, let's say username vlado at any host (%), then when vlado tries to connect from localhost, the MySQL server looks for matching entries in the user table. It has vlado@% and (anonymous)@localhost. Because MySQL matches the most specific hostname first, the matching row is (anonymous)@localhost. Note that although vlado has supplied a username, this doesn't matter! The anonymous accounts don't require a username. This anonymous account is likely to have a different password from vlado's account (by default, the password is blank, meaning the user should not supply one). This means that when vlado tries to log in with her username and password from localhost, she will get an Access Denied error for no obvious reason.

Again, the best way to avoid this problem is to delete these accounts and forget about them.

views 12073
  1. Add New Comment