mysql匿名用户引起的Access denied

场景描述

• mysql -ujz -p123123 -h 192.168.5.178
  可以正常登陆(192.168.5.178为本机ip)
• mysql -ujz -p123123
  提示ERROR 1045 (28000): Access denied for user ‘jz’@’localhost’ (using password: YES)

问题分析

• select host, user, password from mysql.user;

注意：存在localhost匿名用户，并且无密码

• 问题存在于mysql的用户匹配问题，通过查阅官方文档

The server uses sorting rules that order rows with the most-specific Host values first. Literal host names and IP addresses are the most specific. (The specificity of a literal IP address is not affected by whether it has a netmask, so 192.168.1.13 and 192.168.1.0/255.255.255.0 are considered equally specific.) The pattern ‘%’ means “any host” and is least specific. The empty string ” also means “any host” but sorts after ‘%’. Rows with the same Host value are ordered with the most-specific User values first (a blank User value means “any user” and is least specific). For rows with equally-specific Host and User values, the order is indeterminate.

这里可以看出@localhost的比jz@%优先级要高，也就是说mysql -ujz在不指定host登录的时候， 匹配到的是@localhost，也就是不需要输入密码即可登录。

问题总结

为了数据的可维护性，不要创建匿名用户，尽量设定详细的host