Home/ Questions/Q 8455393
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T12:16:35+00:00

When I start phpmyadmin I see this message: Your configuration file contains settings (root

  • 0

When I start phpmyadmin I see this message:

Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user ‘root’.

What’s so unsafe about this?
Unless an attacker can somehow fool mysql into thinking that they’re sitting in front of my computer, there’s no way for them to get on.

Is there some other way for an attacker to log on to mysql if he isn’t from the correct host?

I know that in php you can choose which host you want to be from but unless they have access to edit php files on my server/computer I don’t see how they can do any harm.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s always safe to put a password even if your MySQL does not allow access from other host than localhost.

    Your phpMyAdmin it’s accessed by browser and not by IP.

    Even if you host your page on your computer, it is still better to put a password. I get my computer and servers scanned for *phpMyAdmin*, *PMA* every single day.

    So yes, it’s unsafe.

    • 0