[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] mysql_connect: Access denied



Hello list,

I've got that problem with mysql + php. Both run under SuSE 8.2, (php 4.3.1 as 
Apache module, mysql vers. 11.18). 
I have tried to follow the instructions, giving 'root' a password, setting up 
a mysql-user with fewer privileges etc. I have set up a table in db 'test' 
and put in some data. Now, when I try to connect via a php-script, access is 
denied:

mysql_connect() [function.mysql-connect]: Access denied for user: 
'roth@localhost' (Using password: NO) 

The first strange thing is that the username supplied to mysql_connect() in 
the script is not 'roth'  (although this username exists on the system).

Then I was somewhat successful by not supplying anything to the 
mysql_connect() function - until I realized that by default, there is a 
mysql-user '@localhost' without a password. Giving a password to '@localhost' 
of course leads with the access denial as above. 

I also found that the message  ' Using password: NO'  appears if you say on 
the commandline: 'mysql -u user'
If you instead put int the -p  ('mysql -u user -p '), you will be asked for 
the password, as it should be. 
But how can you do that via the web/apache/php? The only advice I've found is 
exactly what I did: to put the relevant data into the php script and use them 
in mysql_connect().

Somewhere I read that in case of an empty mysql_connect(), the identity of the 
apache-user will be used as the default mysql-user. But apache is definitly 
not running as the user that appears in the complaint above.

Checking php.ini, I see that php runs in safe_mode. 

Well, I'm somewhat confused and would appreciate your help

Thomas


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here