[MDEV-12073] Missing username in error 1044 Access denied for user ''@'localhost' Created: 2017-02-15 Updated: 2017-02-24 Resolved: 2017-02-24 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Server |
| Affects Version/s: | 10.1.21 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | Ruslan Altynbaev | Assignee: | Unassigned |
| Resolution: | Not a Bug | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Description |
|
When a connection is made to a database with (1) a non-existent user, (2) an empty password, and (3) the database allows access for the user with an empty name, the error message changes from 1045 to 1044 and is missing the username. Reproducible on Windows and Linux. This leads to a lot of wasted time and confusion regarding the username setting. Without the user ''@'localhost':
Then add the user ''@'localhost' with no DB access rights:
|
| Comments |
| Comment by Elena Stepanova [ 2017-02-24 ] | ||||||||||||||||
|
It is not missing, it is being accurate. The message shows which user account the server applies to the connection. First, assume that you are connecting to the test database, which anonymous users are allowed to do.
That's exactly what the message shows if you are not allowed to connect to the database. I'm not sure why it leads to wasted time and confusion, as the text provides precise information about the account which it attempts to use, you just need to read it. How would it help if it said 'user1234'? You know which name you are attempting to use, the important part is what the server is using, and that's what you are getting. It becomes very important in a less obvious situation.
Now, you are attempting to connect the way you did before:
You can see right away what goes wrong, your newly created account is not being used. If it printed the username instead, as you request, that would be really confusing. | ||||||||||||||||
| Comment by Ruslan Altynbaev [ 2017-02-24 ] | ||||||||||||||||
It leads to wasted time and confusion because in most cases there are many layers of software, we do not normally connect to mysql directly, instead a Tomcat server loads a web app which instantiates a Spring bean which loads a DataSource which passes the settings to the Driver which makes the connection. In the end it is unclear whether the driver got the username from the data source correctly or not. | ||||||||||||||||
| Comment by Elena Stepanova [ 2017-02-24 ] | ||||||||||||||||
Where is what specified – that an anonymous account allows to connect anonymously? It's a definition of the anonymous account, what else would you expect it to do? You added one, so you surely had to have some knowledge of what it does? It's very dangerous to make any changes in the privilege system if you don't know how it works. Please read MySQL manual (any version really, it's the ancient logic). You can start from here, but please don't limit yourself to these pages only: On the same pages you can find notes about the "less obvious situation" from my previous comment – which you didn't ask about, although it would be actually a quite reasonable question, since this part is indeed a notorious legacy which has created a lot of confusion over the time, which is partially why the error message makes sure that you get the real information needed to investigate possible problems. |