Hi Thomas, which entries are in the mysql user table ? 1. Connect to your MySQL DB (Console) # mysql -> Does this work without any authentication ? 2. Select the mysql Database # \u mysql 3. Select another pager for a better view # pager 4. Lets have a look to your user table ... # SELECT * FROM USER; You should have an entry like this ... Host localhost, User "empty", Password "empty" and with appropriate privileges Is your user 'roth' listed here ? ONLY for testing !!! Create a user with full privileges to all ! mysql > grant all privileges on *.* to testuser@% identified by 'testpassword' with grant option; This command creates the user 'testuser' with the access privilege 'from everywhere' with the right to to bequest his rights. With this user should be able to connect to the database with your PHP Script. Don´t forget to remove the user 'testuser' with his privileges ! Note: MySQL has its own user system - independent from the system users. Maybe this is a first step... Good luck Stefan
-----Ursprüngliche Nachricht----- Von: Thomas Roth [mailto:thomas.roth@physik.tu-darmstadt.de] Gesendet: Dienstag, 21. Oktober 2003 20:33 An: suse-security Betreff: [suse-security] mysql_connect: Access denied
Hello list,
I've got that problem with mysql + php. Both run under SuSE 8.2, (php 4.3.1 as Apache module, mysql vers. 11.18). I have tried to follow the instructions, giving 'root' a password, setting up a mysql-user with fewer privileges etc. I have set up a table in db 'test' and put in some data. Now, when I try to connect via a php-script, access is denied:
mysql_connect() [function.mysql-connect]: Access denied for user: 'roth@localhost' (Using password: NO)
The first strange thing is that the username supplied to mysql_connect() in the script is not 'roth' (although this username exists on the system).
Then I was somewhat successful by not supplying anything to the mysql_connect() function - until I realized that by default, there is a mysql-user '@localhost' without a password. Giving a password to '@localhost' of course leads with the access denial as above.
I also found that the message ' Using password: NO' appears if you say on the commandline: 'mysql -u user' If you instead put int the -p ('mysql -u user -p '), you will be asked for the password, as it should be. But how can you do that via the web/apache/php? The only advice I've found is exactly what I did: to put the relevant data into the php script and use them in mysql_connect().
Somewhere I read that in case of an empty mysql_connect(), the identity of the apache-user will be used as the default mysql-user. But apache is definitly not running as the user that appears in the complaint above.
Checking php.ini, I see that php runs in safe_mode.
Well, I'm somewhat confused and would appreciate your help
Thomas
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here