
Re: [cobalt-users] Re: phpmysql...



On 01/12/2003, at 3:16 AM, Bruce Timberlake wrote:

> I just installed phpmyadmin from nuonce and created a user
> GRANT ALL PRIVILEGES ON *.* TO mysql@localhost IDENTIFIED BY 'mysql' WITH
> GRANT OPTION;


Ack, this is suicidal; you're giving ANYBODY with local access to your system (anybody with an account) the ability to do anything on any database, just by identifying with user/pass mysql/mysql.

I'm assuming that you've just put this username/password there for posting to this list's sake; if not, I'd strongly suggest using something far more secure, after removing this privilege.

Second, the "root" user should already have more than this kind of access; there's no need to do this.

Also, with phpmyadmin, you don't need to put a user/pass in the config file (and I'd recommend not doing so); I'm happy enough just to list the host, then I'll get a login screen; both customers can then use this, and I can use it for complete database administration by using the mysql root pass.

R
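
An added example, not part of the original message: one way to find and remove the global grant discussed above and replace it with a per-database account. It assumes current MySQL syntax (5.7/8.0; the server versions of 2003 used different statements), and `customer1_db`, `customer1_app` and the password are hypothetical placeholders.

```sql
-- 1. Audit: list every account that holds the global GRANT OPTION.
--    On a default install only root@localhost should appear here.
SELECT User, Host
  FROM mysql.user
 WHERE Grant_priv = 'Y';

-- 2. Confirm exactly what the account from the thread was given.
SHOW GRANTS FOR 'mysql'@'localhost';

-- 3. Remove the privilege: strip every privilege and the grant option
--    from the account at all levels (global, database, table).
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysql'@'localhost';

-- 4. If nothing legitimately logs in as this account, drop it so the
--    mysql/mysql credential stops working altogether.
DROP USER 'mysql'@'localhost';

-- 5. Replacement pattern: one account per customer database, limited to
--    that schema and to the statements an application needs.
--    Names and password are placeholders; use a long random password.
CREATE USER 'customer1_app'@'localhost'
  IDENTIFIED BY 'REPLACE-WITH-LONG-RANDOM-PASSWORD';

GRANT SELECT, INSERT, UPDATE, DELETE
   ON customer1_db.*
   TO 'customer1_app'@'localhost';

-- 6. Verify: the new account should show only USAGE on *.* plus the
--    four privileges on customer1_db.*, and no WITH GRANT OPTION.
SHOW GRANTS FOR 'customer1_app'@'localhost';

-- 7. Re-run the audit from step 1; the removed account must be gone.
SELECT User, Host
  FROM mysql.user
 WHERE Grant_priv = 'Y';
```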