PengXiaoxun wrote:
> I create a new account via the following statement:
> CREATE USER 'monty'@'%' IDENTIFIED BY '123456';
> Without any privileges granted, the user 'monty' can access the database
> information_schema via a remote host.
> Why?
> How can I create a new user without any privileges actually?

You need to complete your installation by removing the anonymous user
accounts. This is described here in the Installation portion of our manual:
http://dev.mysql.com/doc/refman/5.1/en/default-privileges.html
Then issue the command
SHOW GRANTS FOR 'monty'@'%';
http://dev.mysql.com/doc/refman/5.1/en/show-grants.html
If the only privilege this user has is 'USAGE' then the only privilege
they have is the ability to authenticate with the MySQL instance. This
is a 'no-privileges' account.
http://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html#priv_usage
Additional explanation of how MySQL security works is located in the
following sections of Chapter 5 of the manual:
http://dev.mysql.com/doc/refman/5.1/en/security.html
http://dev.mysql.com/doc/refman/5.1/en/privilege-system.html
http://dev.mysql.com/doc/refman/5.1/en/user-account-management.html
--
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc.
Office: Blountville, TN
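
An added example (not part of the original reply) that walks through the checks described above against the MySQL 5.1 grant tables covered by the linked manual pages. The 'localhost' host value and the presence of the default `test` database rows are assumptions about a default install; use the values your own server reports.

```sql
-- Added example. Run steps 1-4 as an administrative account (for example root).
-- Written for MySQL 5.1, where mysql.user still has a Password column.

-- 1. List anonymous accounts (empty user name) and accounts without a password.
SELECT User, Host,
       IF(User = '', 'anonymous', '')       AS account_type,
       IF(Password = '', 'no password', '') AS password_state
FROM mysql.user
WHERE User = '' OR Password = '';

-- 2. Drop every anonymous account that step 1 reported.
--    'localhost' is an assumed Host value; repeat for each Host listed.
DROP USER ''@'localhost';

-- 3. Database-level rows with an empty User apply to every account,
--    including 'monty'@'%'. Default installs carry such rows for `test`
--    and `test\_%`. Inspect them, then remove them.
SELECT Host, Db, User FROM mysql.db WHERE User = '';
DELETE FROM mysql.db WHERE User = '';
FLUSH PRIVILEGES;

-- 4. Confirm the account holds nothing beyond the right to authenticate.
--    A no-privileges account returns a single GRANT USAGE ON *.* row.
SHOW GRANTS FOR 'monty'@'%';

-- 5. Reconnect as 'monty' and check what is actually visible.
--    INFORMATION_SCHEMA is readable by every account, but it only returns
--    rows for objects the account has some privilege on, so with USAGE
--    alone this lists information_schema and nothing else.
SELECT SCHEMA_NAME FROM information_schema.SCHEMATA;

-- 6. Still as 'monty': this should return the same USAGE-only grant as step 4.
SHOW GRANTS FOR CURRENT_USER();
```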
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql