I'm new around XAMPP on Windows 7, usually I uses MariaDB on a Linux Debian.
I notice something strange recently: the default root doesn't have a password, but the problem for me is why do I'm able to login to MariaDB using anything and I mean literally anything that doesn't even belonged to an existing username.
ex:
mysql -u johndoe
I can login using that kind of username eventhough there's no johndoe user, it's not a big problem though because even though I can login using that username, I can't do anything because those users doesn't had any access yet, but my question is why is it happening? And how to stop it?
Thanks, stackoverflow!
Connect to the database as root. Make sure you are really root by running
SELECT CURRENT_USER();
It should show root@localhost or something else that has root as a username. Then run
SELECT user, host FROM mysql.user WHERE user = '';
If it returns anything, then it's the reason why you can connect with non-existing user names -- you have so-called anonymous accounts.
To stop it, run
DELETE FROM mysql.user WHERE user = '';
FLUSH PRIVILEGES;