Bug #68435 user@127.0.0.1 is authorized partly as user@localhost
Submitted: 20 Feb 2013 2:07 Modified: 20 Feb 2013 2:13
Reporter: SE Department Core Tech and Program Management Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S3 (Non-critical)
Version:5.6.10 OS:Any
Assigned to: CPU Architecture:Any
Tags: authentication

[20 Feb 2013 2:07] SE Department Core Tech and Program Management
Description:
user@127.0.0.1 is authorized partly as user@localhost.

How to repeat:
- skip-name-resolve = FALSE
- /etc/hosts has the following entry.
127.0.0.1 localhost

GRANT ALL PRIVILEGES ON db1.* TO user@localhost IDENTIFIED BY 'pass1';
GRANT ALL PRIVILEGES ON db2.* TO user@127.0.0.1 IDENTIFIED BY 'pass2';

CREATE DATABASE db1;
CREATE DATABASE db2;

(a) mysql -u user -h localhost -ppass1 db1 -e '' -> authorized
(b) mysql -u user -h localhost -ppass2 db1 -e '' -> denied
(c) mysql -u user -h localhost -ppass1 db2 -e '' -> denied
(d) mysql -u user -h localhost -ppass2 db2 -e '' -> denied
(e) mysql -u user -h 127.0.0.1 -ppass1 db1 -e '' -> authorized
(f) mysql -u user -h 127.0.0.1 -ppass2 db1 -e '' -> denied
(g) mysql -u user -h 127.0.0.1 -ppass1 db2 -e '' -> authorized
(h) mysql -u user -h 127.0.0.1 -ppass2 db2 -e '' -> denied

Suggested fix:
I think the following behavior is convenient.

(e) -> denied
(f) -> denied
(g) -> denied
(h) -> authorized

If the current behavior is expected and valid (by name-resolve, etc.),
I think a detailed description in the reference manual is needed.
[20 Feb 2013 2:13] SE Department Core Tech and Program Management
Sorry, I posted at wrong account.
See Bug#68436