5

I see these when running MySQLTuner.pl:

-------- Security Recommendations  -------------------------------------------
[!!] User '@debian' has no password set.
[!!] User '@localhost' has no password set.
------------------------------------------------------------------------------
  • Is it a security hole?
  • How to fix it?

Thanks

RolandoMySQLDBA
  • 182,700
  • 33
  • 317
  • 520
alfish
  • 2,964
  • 7
  • 20
  • 18

1 Answers1

6

That is definite a security hole. That's because mysql was installed that way.

To remove those entries, please run these lines

DELETE FROM mysql.user WHERE user='' or password='';
FLUSH PRIVILEGES;

Here are three(3) past posts I wrote on how and why to do such cleanup of mysql.user and mysql.db

Community
  • 1
RolandoMySQLDBA
  • 182,700
  • 33
  • 317
  • 520
  • 1
    Great answer, just a typo FLUSH PRIVILEGES: should be FLUSH PRIVILEGES; with semicolon. I copy-pasted and got an error, so tried to edit the answer but I was not allowed as it is not a 6+ chars edit... – Nicolas S Sep 30 '13 at 21:55