|
This chapter applies to MySQL 4.x, which is no longer supported with EventSentry. The SQL commands shown in this chapter however still apply to MySQL 5.x and can be used to manipulate user accounts using the MySQL shell.
|
The root user does not have a password by default which is a security risk and needs to be changed immediately. We will change the root password from the command line using the mysql SQL shell. Open the command prompt and follow the instructions in the screenshot:
• | First we connect to the SQL instance as the root user by using the -u option. We do not have to specify a password since the root user does not have a password by default. |
• | Then we change the database to the built-in mysql database, that contains all usernames among other things. |
• | The select command here shows that four user accounts exist by default, two for the user root and two anonymous ones. |
• | We change the password of both root user accounts (explanation for both is below) by using a standard SQL update command. The PASSWORD() function is used to create the password hash, just specifying the password in quotes would not work. |
• | We then remove the anonymous user account with a delete statement. |
• | Changes to the user accounts do not always become effective immediately, so we force this internal update by issuing the flush privileges command. |
After typing exit we have successfully remove two unneeded user accounts and set a password for the root user.
|
Unlike other database servers, MySQL allows you to link a database user with a hostname. This allows you to create different users (and hence different permissions) depending on where a user is connecting from.
For example, by default there are two root accounts with different host values. One account has the host value set to localhost, whereas the other has it set to build. This means that you can restrict from which users can log on using the root (or any account for that matter) account. The most commonly used host name is the percentage character % - a wildcard matching all host names.
This feature is not relevant to us right now since we set the same password for both root accounts, but it's important and helpful to know that this feature exists. When you connect to a MySQL database then the server will always perform a reverse lookup to match the correct username.
|
From now on we can no longer just type mysql -u root, but instead will need to specify the password we have just set above by typing mysql -u root -p. The -p switch tells the application to prompt us for the password.
Connecting remotely with the MySQL Administrator or MySQL Query Browser
Please note that thus far you can only connect to the MySQL server from the localhost or a host with the name "build". You will need to run the following statements in order to get root access from remote hosts as well:
• | update user set host='%' where host='build'; |
This will allow you to connect to your MySQL server from any host using the root user.
|