Hi,

I was looking through our DB (we would like to monitor MySQL status) and I found:

Code:
mysql> select Host,User,Password from user ;
+-----------------------------+--------+-----------------------------+
| Host                        | User   | Password                    |
+-----------------------------+--------+-----------------------------+
| localhost                   | root   | *hash                       | 
| zcs-be1.ewmail.everyware.ch | root   |                             | 
| 127.0.0.1                   | root   |                             | 
| localhost                   |        |                             | 
| zcs-be1.ewmail.everyware.ch |        |                             | 
| %                           | zimbra | *another*hash               | 
| localhost                   | zimbra | *another*hash               | 
| localhost.localdomain       | zimbra | *another*hash               | 
| localhost.localdomain       | root   |                             | 
+-----------------------------+--------+-----------------------------+
9 rows in set (0.00 sec)
Shouldn't a password for root be set universally?
While a local user is needed to really exploit this, I still consider it to be "sub-optimal" ;-)



Rainer