After setting root password why does MYSQL still allow me to login without a password?

Solution 1:

Well, the answer is right in that table - you need to remove the "root" lines that have no password listed.

Also, looks like you allow connections from anywhere (?!?!) when using no user or pass. Probably a bad idea. I'd do something like:

mysql> use mysql;
mysql> delete from user where password = "";

Solution 2:

Looks like the password is set on the 'root'@'localhost' user entry, but not on the 'root'@'%' entry; password-free authentication would be allowed based on that.

For security purposes, reconsider allowing root access from anywhere. If you do need it, then just get rid of the localhost specifications:

drop user 'root'@'localhost';
drop user 'root'@'127.0.0.1';
drop user 'root'@'::1';

And set the password for the 'root'@'%' user:

set password for 'root'@'%' = password('passwordhere');

Solution 3:

Don't forget to FLUSH PRIVILEGES or you can still login without password.

After setting root password why does MYSQL still allow me to login without a password?

Solution 1:

Solution 2:

Solution 3:

Tags:

Mysql

Database Administration

Mysql5

Related

Recent Posts