Vladislav Vaintroub added a comment - 2023-01-30 09:44 anel The situation does very well occur on non-Windows OSes, but in your environment read_user_name probably resolves to "root", and you accidentally are able to connect with that user and empty password.

Georg Richter added a comment - 2023-01-30 09:45 anel read_user_name() returns the currently logged in user, if user name for mysql_real_connect() was not specified. This behavior is the same on Windows and Posix systems: mariadb -e "select current_user()" +-----------------+ | current_user() | +-----------------+ | georg @localhost | +-----------------+   So I wonder which username do you expect on Windows, if none was specified?!

Vladislav Vaintroub added a comment - 2023-01-30 09:47 user name not specified, is when NULL is passed to mysql_real_connect. anonymous user is when "" is passed to mysql_real_connect.

Georg Richter added a comment - 2023-01-30 10:02 Same behavior in MySQL, but it is documented: https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-connect.html "If user is NULL or the empty string "", the current user is assumed". So yes, it's missing in our documentation.

Anel Husakovic added a comment - 2023-01-30 12:10 Thanks wlad , georg . By testing I noted that combination anonymous user + skip-name-resolve fails on buildbot and only on Windows (below is proof). Without skip-name-resolve it works (bb doesn't fail, have seen in bb, but don't have proof to show here since used same branch for testing- can do on other branch, if you want). I understand resolving of USERNAME , but we have uncovered test case in our suite ( anonymous user + skip-name-resolve ) 1. Without skip-name-resolve , here we still have anonymous user , buildbot doesn't fail. I have test case (tested before, verified on bb): https://github.com/MariaDB/server/commit/3b3aa81df64fd9ead56d8b5d1e3325c311d51cea#diff-4f7e5eb7561bba054403ee3a773b92c8bfc44cb1640122d4890e12f8708026b2 2. With skip-name-resolve it fails (only on Windows) - here we may have a bug/or undocumented behavior: Test case: https://github.com/MariaDB/server/commit/6846913c9fecb7de3eae3470300c16c87c03a591 Failure: https://buildbot.mariadb.org/#/builders/234/builds/15431 See all builds for this case: https://buildbot.mariadb.org/#/grid?branch=bb-10.5-anel-anonymous-user-windows-check Just wanted to point that mtr is missing this test case to cover and we have failure on buildbot only on Windows . In order to cover the test case ( anonymous user + skip-name-resolve ), what do you suggest to change in above test case (case 2.) ? Based on statement [1] for Win and if in buildbot user is verified to be an Adminstrator as an current user, when skip-name-resolve is used, and if this is not a bug, should we have in mtr test pseudo-code like so: # we are using skip- name -resolve if OS == Windows # anonymous user in bb == 'Administrator' , since current user name must be specified explicitly for Windows (see [1]) and we are using skip- name -resolve connect ( 'Adminstrator' , localhost,,) else # yes we can use anonymous user connect ( '' ,localhost,,,) [1] https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-connect.html "If user is NULL or the empty string "", the current user is assumed". we have this too: "Under Windows ODBC, the current user name must be specified explicitly. "

Vladislav Vaintroub added a comment - 2023-01-30 12:17 - edited I derive from looking at the code and from Georg's answer, that there is no anonymous user possible, with Connector C, because connector C does not send empty string. So, I'm not sure what's tested here. What you assume as anonymous is probably root@localhost, or root@127.0.0.1, or root@::1 . (I'm not commenting, whether localhost is or should be 127.0.0.1 or ::1, with or without skip-name-resolve, I do not care, to me it is the same thing )