5

I see these when running MySQLTuner.pl:

-------- Security Recommendations  -------------------------------------------
[!!] User '@debian' has no password set.
[!!] User '@localhost' has no password set.
------------------------------------------------------------------------------
  • Is it a security hole?
  • How to fix it?

Thanks

RolandoMySQLDBA
  • 171,728
  • 30
  • 293
  • 486
alfish
  • 2,654
  • 6
  • 18
  • 18

1 Answers1

6

That is definite a security hole. That's because mysql was installed that way.

To remove those entries, please run these lines

DELETE FROM mysql.user WHERE user='' or password='';
FLUSH PRIVILEGES;

Here are three(3) past posts I wrote on how and why to do such cleanup of mysql.user and mysql.db

Community
  • 1
RolandoMySQLDBA
  • 171,728
  • 30
  • 293
  • 486
  • 1
    Great answer, just a typo `FLUSH PRIVILEGES:` should be `FLUSH PRIVILEGES;` with semicolon. I copy-pasted and got an error, so tried to edit the answer but I was not allowed as it is not a 6+ chars edit... – Nicolas S Sep 30 '13 at 21:55