remove recommendation Restrict Host for 'root'@% to root@SpecificDNSorIp #536
Comments
|
seems I've missed the existence of https://dev.mysql.com/doc/refman/5.6/en/rename-user.html which solves all but the container environment cases. |
grooverdan
added a commit
to grooverdan/MySQLTuner-perl
that referenced
this issue
Feb 4, 2021
Altering mysql.user tables isn't something users should do. RENAME USER has existed for a long time, use this instead. Also change SpecificDNSorIp because DNS based grants are a horrible idea, fragile, and could be disabled with --skip-name-resolve. closes major#536
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reasons for removal:
container environment pretty much exclusively use '%' for grants and the network isn't known (by mysql/mariadb container producers), and even a local environment would keen it this way and apply limits in their docker swarm or kubernetes configuraiton.
UPDATE mysql.user SET host ='SpecificDNSorIp' WHERE user='root' AND host ='%'; FLUSH PRIVILEGES;
Why this is a horrible suggestion (to which detailed, but incomplete, work around can be written if still desired):
The text was updated successfully, but these errors were encountered: