Posted by:
sherlock
(---.barn.cable.virginmedia.com)
Date: October 03, 2011 12:32AM
I finally managed to get PHPMyAdmin working and I now get this warning
Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user '.root'.
I have looked at the privileges and there are 3 accounts showing:
User Host Password Global privileges Grant Any % -- USAGE No root 127.0.0.1 No ALL PRIVILEGES Yes root localhost No ALL PRIVILEGES Yes
My Question is do you change all the passwords or selected ones, and if you change them all would you use the same password.
Of the three entries available for a password you should not enter one for "Any" unless you want 'anybody' who knows the password to have access. This is usually left as is.
root 127.0.0.1 and root localhost
are the same user "root" and "127.0.0.1" and "localhost" are the same host described with an IP address and a hostname respectively (two ways to reference the same locations).
So...
Any - should be left without a password and with no permissions root 127.0.0.1 - should be given a password and all privileges granted root localhost - should be given the same password as 127.0.0.1 and all privileges granted.
The blog post steps through this procedure very explicitly