Bug #18689 security guidelines
Submitted: 31 Mar 2006 14:14
Modified: 6 Apr 2006 18:33
Reporter: Sergei Golubchik
Status: Closed
Category: MySQL Server: Documentation
Severity: S3 (Non-critical)
Version:
OS:
Assigned to: Paul DuBois
CPU Architecture: Any

[31 Mar 2006 14:14] Sergei Golubchik
Description:
"Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql database! This is critical. The encrypted password is the real password in MySQL. Anyone who knows the password that is listed in the user table and has access to the host listed for the account can easily log in as that user."

This has not been true since 4.1 and the new authentication scheme.

How to repeat:
http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html
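
The point raised in this report, as an added example that is not part of the bug report or the MySQL documentation: a sketch of the challenge-response scheme introduced in 4.1 (later named mysql_native_password), showing that a reply built only from the value stored in the user table does not verify. Function names are illustrative, the password is constructed, and `os.urandom` stands in for the server's 20-byte scramble.

```python
import hashlib
import hmac
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    """Value kept in mysql.user since 4.1: SHA1(SHA1(password)), displayed as '*' + hex."""
    return sha1(sha1(password.encode()))


def client_token(stage1: bytes, scramble: bytes) -> bytes:
    """Client reply: stage1 XOR SHA1(scramble + SHA1(stage1)), with stage1 = SHA1(password)."""
    return xor(stage1, sha1(scramble + sha1(stage1)))


def server_verify(stored: bytes, scramble: bytes, token: bytes) -> bool:
    """Server recovers the candidate stage1 and checks that it hashes to the stored value."""
    candidate = xor(token, sha1(scramble + stored))
    return hmac.compare_digest(sha1(candidate), stored)


def demo() -> dict:
    password = "constructed-example-password"  # constructed sample value
    stored = stored_hash(password)
    scramble = os.urandom(20)  # assumption: stand-in for the per-connection scramble
    # Reply computed by a client that knows the password.
    with_password = client_token(sha1(password.encode()), scramble)
    # Reply computed from nothing but the value listed in the user table.
    with_table_hash = client_token(stored, scramble)
    return {
        "password": server_verify(stored, scramble, with_password),
        "table_hash_only": server_verify(stored, scramble, with_table_hash),
    }


if __name__ == "__main__":
    print(demo())
```

The stored value still allows offline password guessing, so restricting access to the user table remains worthwhile.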

[6 Apr 2006 18:33] Paul DuBois
Thank you for your bug report. This issue has been addressed in the
documentation. The updated documentation will appear on our website
shortly, and will be included in the next release of the relevant
product(s).