Search code examples
phpmysqlcoldfusionlocalhostaccess-denied

MySQL localhost access denied, until flush

We are having a very strange problem on our server.

Any user (including root), can't access mysql on local system, and it swaps between flushes.

We are using a simple php script to test it...

$username = "test";
$password = "pass123";

$conn = new mysqli("localhost", $username, $password);
if ($conn->connect_error) {echo "[localhost] Connection failed: " . $conn->connect_error;} else echo "[localhost] Connected successfully";
echo "<hr>";

$conn = new mysqli("127.0.0.1", $username, $password);
if ($conn->connect_error) {echo "[127.0.0.1] Connection failed: " . $conn->connect_error;} else echo "[127.0.0.1] Connected successfully";
echo "<hr>";

$conn = new mysqli("192.168.1.2", $username, $password);
if ($conn->connect_error) {echo "[192.168.1.2] Connection failed: " . $conn->connect_error;} else echo "[192.168.1.2] Connected successfully";

So let me step you through the sequence.

  1. MySQL user configured, user@% with pass123, with full server privs on all db.
  2. PHP Script is run. First two tests fail with access denied. Last one succeeds.
  3. Mysql user reconfigured: [email protected]
  4. Script run: All three denied.
  5. MySQL Flush Privs
  6. First two succeed. Last fails. (makes sense)
  7. MySQL User configured: user@% (original of step 1)
  8. Script run: All three succeed. (Hooray? No)
  9. MySQL Flush Privs (and/or server reboot)
  10. Back to step 2.

We can't get Coldfusion or PHP to maintain connections. It works at first, the first connection, when [email protected] (configured so in mysql), but subsequently fails in coldfusion, and php can't reliably connect depending on service restarts or flushes. PHP really outlines the problem, as seen above. But the JDBC connector for coldfusion just seems to randomly either work or not.

Any ideas what is happening here? user@% should always work, should it not?

  • MySQL v5.5, PHP v 7, Coldfusion v11 (jdbc .38 latest). Windows Server 2012.
  • my.cnf is NOT configured with bind address (all hosts allowed).
    • max-connections = 500
  • ipv6 disabled (OxFFFFFF)
  • firewall is off.
  • Same database, same users, and same configuration, works fine on windows server 2008, which we are attempting to migrate from. These are all fresh installs of each software. We were able to simply create user@%, and connect on all 3 tests, at all times.

Additional notes:

  • "localhost" when typed in browser (local IIS), sometimes works, sometimes doesnt. 127.0.0.1 works fine always.
  • no hosts entry, as win7+ uses internal dns. We added localhost entry, it made no effect.
  • IIS keeps freezing on us. The sites begin to "spin" in the browser, and never load. We have to run an iisreset. We can't determine why this happens - it seems random. Seems related to the localhost issue, yes?
Solution

  • Found the answer, sorry guys, should have researched just a moment more. https://serverfault.com/questions/122472/allowing-wildcard-access-on-mysql-db-getting-error-access-denied-for-use

    Sometimes we find the right keywords by talking about it, that rubber duck effect.

    Basically, well, apparently, mysql by default includes a blank user record, with a host of localhost, which supersedes any user@%. Resulting in this behaviour. Delete the user, and problem solved. now my firewall can be turned back on... wow.

    The IIS problems I mentioned are a topic for another day I suppose...