
AW: [suse-security] mysql_connect: Access denied



Hi Thomas,

Which entries are in the mysql user table?

1. Connect to your MySQL DB (Console)
# mysql -> 	Does this work without any authentication ?

2. Select the mysql Database
# \u mysql

3. Select another pager for a better view
# pager

4. Let's have a look at your user table ...
# SELECT * FROM user;

You should have an entry like this ...

Host localhost, User "empty", Password "empty" and with appropriate
privileges

Is your user 'roth' listed here ?

ONLY for testing !!!

Create a user with full privileges to all !
mysql > grant all privileges on *.* to 'testuser'@'%' identified by 'testpassword' with grant option;

This command creates the user 'testuser' with the access privilege 'from
everywhere' with the right to bequeath his rights.

With this user you should be able to connect to the database with your PHP
script.

Don't forget to remove the user 'testuser' with his privileges!

Note:
MySQL has its own user system - independent from the system users.


Maybe this is a first step...

Good luck

Stefan
 
> -----Original Message-----
> From: Thomas Roth [mailto:thomas.roth@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, 21 October 2003 20:33
> To: suse-security
> Subject: [suse-security] mysql_connect: Access denied
> 
> 
> 
> Hello list,
> 
> I've got that problem with mysql + php. Both run under SuSE 
> 8.2, (php 4.3.1 as 
> Apache module, mysql vers. 11.18). 
> I have tried to follow the instructions, giving 'root' a 
> password, setting up 
> a mysql-user with fewer privileges etc. I have set up a table 
> in db 'test' 
> and put in some data. Now, when I try to connect via a 
> php-script, access is 
> denied:
> 
> mysql_connect() [function.mysql-connect]: Access denied for user: 
> 'roth@localhost' (Using password: NO) 
> 
> The first strange thing is that the username supplied to 
> mysql_connect() in 
> the script is not 'roth'  (although this username exists on 
> the system).
> 
> Then I was somewhat successful by not supplying anything to the 
> mysql_connect() function - until I realized that by default, 
> there is a 
> mysql-user '@localhost' without a password. Giving a password 
> to '@localhost' 
> of course leads to the access denial as above. 
> 
> I also found that the message  ' Using password: NO'  appears 
> if you say on 
> the commandline: 'mysql -u user'
> If you instead put in the -p  ('mysql -u user -p '), you 
> will be asked for 
> the password, as it should be. 
> But how can you do that via the web/apache/php? The only 
> advice I've found is 
> exactly what I did: to put the relevant data into the php 
> script and use them 
> in mysql_connect().
> 
> Somewhere I read that in case of an empty mysql_connect(), 
> the identity of the 
> apache-user will be used as the default mysql-user. But 
> apache is definitely 
> not running as the user that appears in the complaint above.
> 
> Checking php.ini, I see that php runs in safe_mode. 
> 
> Well, I'm somewhat confused and would appreciate your help
> 
> Thomas
> 
> 
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
> 
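
An added example, not part of the original messages: a query for the mysql console that flags the account types discussed in this thread (the anonymous '@localhost' account, accounts without a password, and accounts like 'testuser' that may connect from any host or hold the grant option), followed by removal of the test account. It assumes the Host, User, Password and Grant_priv columns of the mysql.user table of that era; MySQL 5.7 and later keep the hash in authentication_string instead of Password.

```sql
-- Added example: audit mysql.user for the risky account types from this thread.
-- Assumption: the grant table has Host, User, Password and Grant_priv columns.
USE mysql;

SELECT Host,
       User,
       IF(User = '', 'YES', 'no')                         AS anonymous,
       IF(Password = '', 'YES', 'no')                     AS empty_password,
       IF(Host = '' OR INSTR(Host, '%') > 0, 'YES', 'no') AS any_host,
       IF(Grant_priv = 'Y', 'YES', 'no')                  AS can_grant
FROM   user
WHERE  User = ''                 -- anonymous account, matches any user name
   OR  Password = ''             -- login without a password
   OR  Host = ''                 -- a blank host is treated like '%'
   OR  INSTR(Host, '%') > 0      -- wildcard host, reachable from elsewhere
   OR  Grant_priv = 'Y'          -- may pass privileges on to other accounts
ORDER  BY User, Host;

-- Review what the test account holds before removing it.
SHOW GRANTS FOR 'testuser'@'%';

-- Remove the test account. 'grant all on *.*' only wrote global privileges
-- into the user table, so deleting that row removes them. Direct changes
-- to the grant tables take effect after FLUSH PRIVILEGES.
DELETE FROM user WHERE User = 'testuser' AND Host = '%';
FLUSH PRIVILEGES;

-- Confirm the account is gone: this should return an empty set.
SELECT Host, User FROM user WHERE User = 'testuser';
```

On servers that provide DROP USER, `DROP USER 'testuser'@'%';` replaces the DELETE and FLUSH PRIVILEGES pair.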
