MySQL Allows ODBC With Any Username

Posted on

Question :

I have a MySQL Community database on a remote server and I am trying to get Microsoft Access to read data from it. This data is sensitive. The problem is, MySQL doesn’t care about the username that I give it in the .DSN file. It lets me read the ENTIRE database no matter what! How do I get it to actually check the username that I give it in the .DSN file?

edit: I’m not a DBA, I’m some intern who is over his head. Please don’t assume that I know anything about anything 🙂

Answer :

I strongly suspect this is not an issue of MySQL “not checking” the username, but rather permissions which are too broad.

Start with SELECT * FROM mysql.db WHERE Db = 'yourdb'; and ensure that only the desired permissions are set for your DB.

I figured it out. The server thought that it was started with -skip-grant-tables, which allows anyone to login as any user with any password. This option wasn’t even enabled, but I tried running “FLUSH PRIVILEGES;” and that solved the problem.

Leave a Reply

Your email address will not be published.