
Does root IPv6 / ::1 address need password in phpMyAdmin?


I'm new to setting up databases and I installed EasyPHP (e-devserver 14.1 VC9), and managed to assign a password to the root user's '127.0.0.1' address through phpMyAdmin because it said leaving the password blank was a bad idea. I edited 'localhost' to the same password. That gave me the 1045 error that so many other people got; I managed to find the config file and edit it as this link said. However, IPv6 (the ::1 host) still has no password, and while I could edit it in phpMyAdmin, if I get another error, I have found no documentation on where to edit that.

Would that address be vulnerable without a password, and if so how do I assign one without an error?


Solution

  • If someone had direct access to your server, they could attempt to connect to MySQL over IPv6 with the following command: mysql -h ::1 -u root -p

    If there was a MySQL root user 'root'@'::1' with no password, then they could get access.

    Or, if they were able to upload a PHP script to your server configured to connect over IPv6 (using PDO, mysqli, etc.), they could then get the script to connect.

    You can check to see if root IPv6 connections are allowed by running the following query:

    select user, host from mysql.user;
    

    If you see anything in the list like root | ::1 or any other IPv6 address, there may be users configured with IPv6 host access.

    To change the password of an existing IPv6 user, issue a query similar to:

    SET PASSWORD FOR 'root'@'::1' = PASSWORD('cleartext password');
    

    If the user doesn't already exist and you want to add it, use:

    CREATE USER 'root'@'::1' IDENTIFIED BY 'cleartext password';
    

    You would then need to grant the appropriate privileges to that account.
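
An added audit example (not part of the original answer) that widens the check above from 'root'@'::1' to every account that can log in with an empty password. It assumes a MySQL 5.5/5.6 server, where mysql.user still has a Password column; that version is an assumption, since the page does not state it.

```sql
-- Added example, not from the original answer.
-- Assumption: MySQL 5.5/5.6, where mysql.user has a Password column.
-- On 5.7 and later that column is gone; test authentication_string instead.

-- 1. Every account that accepts an empty password, on any host entry.
--    Rows with user = '' are anonymous accounts.
--    The plugin filter skips accounts that authenticate through a plugin
--    which does not store its credential in the Password column.
SELECT user,
       host,
       CASE
         WHEN host IN ('localhost', '127.0.0.1', '::1') THEN 'loopback only'
         ELSE 'reachable from other hosts'
       END AS scope
FROM mysql.user
WHERE Password = ''
  AND (plugin IS NULL
       OR plugin IN ('', 'mysql_native_password', 'mysql_old_password'))
ORDER BY scope, user, host;

-- 2. Each host entry is a separate account with its own password and grants.
--    Compare what the IPv6 loopback entry is allowed to do with the others.
SHOW GRANTS FOR 'root'@'127.0.0.1';
SHOW GRANTS FOR 'root'@'::1';

-- 3. After setting passwords, confirm that no root entry is left without one.
--    An empty result set is the expected outcome.
SELECT user, host
FROM mysql.user
WHERE user = 'root'
  AND Password = '';
```

Run it as an account that can read the mysql system database, for example from the SQL tab in phpMyAdmin.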