mysql匿名用户引起的Access denied

最新推荐文章于 2022-11-09 17:20:57 发布

jiangzhe0630

最新推荐文章于 2022-11-09 17:20:57 发布

阅读量378

点赞数

文章标签： mysql登录 mysql匿名用户

本文链接：https://blog.csdn.net/jiangzhe0630/article/details/50174739

版权

mysql匿名用户引起的Access denied

场景描述

mysql -ujz -p123123 -h 192.168.5.178
可以正常登陆(192.168.5.178为本机ip)
mysql -ujz -p123123
提示ERROR 1045 (28000): Access denied for user ‘jz’@’localhost’ (using password: YES)

问题分析

select host, user, password from mysql.user;

host	user	password
%	jz	*E56A114692FE0DE073F9A1DD68A00EEB9703F3F1
localhost
localhost	root

注意：存在localhost匿名用户，并且无密码

问题存在于mysql的用户匹配问题，通过查阅官方文档

The server uses sorting rules that order rows with the most-specific Host values first. Literal host names and IP addresses are the most specific. (The specificity of a literal IP address is not affected by whether it has a netmask, so 192.168.1.13 and 192.168.1.0/255.255.255.0 are considered equally specific.) The pattern ‘%’ means “any host” and is least specific. The empty string ” also means “any host” but sorts after ‘%’. Rows with the same Host value are ordered with the most-specific User values first (a blank User value means “any user” and is least specific). For rows with equally-specific Host and User values, the order is indeterminate.

这里可以看出@localhost的比jz@%优先级要高，也就是说mysql -ujz在不指定host登录的时候，匹配到的是@localhost，也就是不需要输入密码即可登录。