Currently mariadb-secure-installation mentions the test db and offers to remove it but does not mention that the anonymous user has privileges in the test_electricity database:
{code}
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
{code}
Suggest adding a bit more information and correcting minor typo:
{code}
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. This user can create or drop the test database or any
database named with the prefix test_.
You should remove this before moving into a production environment.
{code}
Currently mariadb-secure-installation mentions the test db and offers to remove it but does not mention that the anonymous user has privileges in the test_electricity database:
{code}
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
{code}
Suggest adding a bit more information and correcting minor typo:
{code}
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. This user can create or drop the test database or any
database named with the prefix test_.
You should remove this before moving into a production environment.
{code}
Currently mariadb-secure-installation mentions the test db and offers to remove it but does not mention that the anonymous user has privileges in the test_electricity database:
{code}
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
{code}
Suggest adding a bit more information and correcting minor typo:
{code}
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. This user can create or drop the test database or any
database named with the prefix test_.
You should remove this before moving into a production environment.
{code}
Currently mariadb-secure-installation mentions the test db and offers to remove it but does not mention test_electricity database permissions.
{code}
echo "By default, MariaDB comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo
[...]
echo $echo_n "Remove test database and access to it? [Y/n] $echo_c"
{code}
Suggest:
{code}
echo "By default, MariaDB comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo "These privileges extend to any database named with the 'test_' prefix."
echo
{code}
Also don't drop valid create grants:
{code}
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
{code}
{code}
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
DELETE FROM mysql.db WHERE user='' and (Db='test' OR Db='test\\_%');
{code}
Currently mariadb-secure-installation mentions the test db and offers to remove it but does not mention test_electricity database permissions.
{code}
echo "By default, MariaDB comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo
[...]
echo $echo_n "Remove test database and access to it? [Y/n] $echo_c"
{code}
Suggest:
{code}
echo "By default, MariaDB comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo "These privileges extend to any database named with the 'test_' prefix."
echo
{code}
Also don't drop valid create grants:
{code}
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
{code}
{code}
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
DELETE FROM mysql.db WHERE user='' and (Db='test' OR Db='test\\_%');
{code}
Currently mariadb-secure-installation mentions the test db and offers to remove it but does not mention eg test_electricity database permissions.
{code}
echo "By default, MariaDB comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo
[...]
echo $echo_n "Remove test database and access to it? [Y/n] $echo_c"
{code}
Suggest:
{code}
echo "By default, MariaDB comes with a database named 'test' that anyone can"
echo "access. This is also intended only for testing, and should be removed"
echo "before moving into a production environment."
echo "These privileges extend to any database named with the 'test_' prefix."
echo
{code}
Also don't drop valid user created create grants:
{code}
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
{code}
{code}
do_query "DELETE FROM mysql.db WHERE user='' and (Db='test' OR Db='test\\_%')"
{code}
This will let the user keep such grants as:
{code}
grant all on `test_%`.* to 'testenv'@'localhost';
{code}
Bug
Minor