Access denied caused by a MySQL anonymous user
Scenario
- mysql -ujz -p123123 -h 192.168.5.178
  Logs in normally (192.168.5.178 is this machine's own IP).
- mysql -ujz -p123123
  Fails with ERROR 1045 (28000): Access denied for user 'jz'@'localhost' (using password: YES)
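Analysis
- select host, user, password from mysql.user;

host | user | password |
---|---|---|
% | jz | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
localhost | | |
localhost | root | |

Note: there is an anonymous user at localhost, and it has no password.
- The problem lies in how MySQL matches a connection to a user row. From the official documentation: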
The server uses sorting rules that order rows with the most-specific Host values first. Literal host names and IP addresses are the most specific. (The specificity of a literal IP address is not affected by whether it has a netmask, so 192.168.1.13 and 192.168.1.0/255.255.255.0 are considered equally specific.) The pattern '%' means "any host" and is least specific. The empty string '' also means "any host" but sorts after '%'. Rows with the same Host value are ordered with the most-specific User values first (a blank User value means "any user" and is least specific). For rows with equally-specific Host and User values, the order is indeterminate.
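From this we can see that ''@localhost has a higher priority than jz@%. In other words, when mysql -ujz logs in without specifying a host, the row that gets matched is ''@localhost, the account that logs in without entering a password, so the password supplied for jz is rejected.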
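
The ordering rule quoted above can be replayed against the three rows from this page. This is an added example, not code from the original post or from MySQL: it is a simplified model, and the function names and the client host strings ('localhost' for a login without -h, '192.168.5.178' with it) are assumptions.

```python
# Added example: simplified model of the row ordering quoted above.
# Assumption: Host is a literal name/IP, '%' or ''; other wildcard patterns are not modelled.
ROWS = [  # (host, user, password) rows from the page's mysql.user output
    ("%", "jz", "*E56A114692FE0DE073F9A1DD68A00EEB9703F3F1"),
    ("localhost", "", ""),
    ("localhost", "root", ""),
]

def host_rank(host):
    """Literal hosts sort first, then '%', then the empty string."""
    return 2 if host == "" else 1 if host == "%" else 0

def sort_key(row):
    host, user, _ = row
    # Within the same Host value, a blank User is least specific and sorts last.
    return (host_rank(host), host, user == "")

def match_account(rows, client_host, user):
    """Return the first row, in sorted order, that matches host and user."""
    for host, acct, pw in sorted(rows, key=sort_key):
        host_ok = host in ("%", "") or host.lower() == client_host.lower()
        if host_ok and acct in ("", user):
            return (host, acct, pw)
    return None

def login_outcome(rows, client_host, user, supplied_password):
    row = match_account(rows, client_host, user)
    if row is None:
        return "denied: no matching row"
    account = "'%s'@'%s'" % (row[1], row[0])
    if row[2] == "":  # matched account has an empty password
        if supplied_password:
            return "denied: matched %s, which has an empty password" % account
        return "ok: matched %s without a password" % account
    return "password is checked against %s" % account

def shadowed_accounts(rows):
    """Audit helper: named users that an anonymous literal-host row captures."""
    found = []
    for host, user, _ in rows:
        if user == "" and host_rank(host) == 0:
            found += [(n, host) for _, n, _ in rows
                      if n and match_account(rows, host, n)[1] == ""]
    return found

if __name__ == "__main__":
    print(login_outcome(ROWS, "localhost", "jz", "123123"))      # no -h given
    print(login_outcome(ROWS, "192.168.5.178", "jz", "123123"))  # -h 192.168.5.178
    print(shadowed_accounts(ROWS))
```

The audit helper reports jz as captured by the anonymous row at localhost, while root is not affected because root@localhost sorts ahead of the blank user on the same host.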
Summary
For the maintainability of the data, do not create anonymous users, and specify each account's host as precisely as possible.