`users`

CRITICALWARNING

Rule IDs: sec_008, sec_009

Overview

Purpose: Account hygiene in metadata (for example empty passwords or overly broad host patterns).
Dynamic (MySQL 8.4 reference): Managed with CREATE USER, ALTER USER, DROP USER, and grants — not a single global.
Default value: N/A
Version and product notes: Authentication plugins and defaults differ by version and vendor.
Documentation: Primary reference depends on product (MySQL, MariaDB, Percona, or OS documentation).

What is checked

Rules that reference this variable, with their severity and what each rule detects:

CRITICAL sec_008: Set passwords for all MySQL users. Remove or lock unused accounts.
WARNING sec_009: Restrict user hosts to specific IPs or networks instead of '%' (any host).

Tuning guidance

Recommended actions:
- Set passwords for all MySQL users. Remove or lock unused accounts.
- Restrict user hosts to specific IPs or networks instead of '%' (any host).
Trade-offs: Security settings protect against unauthorized access and data exposure. Tighter settings may require application changes (e.g., SSL certificates for require_secure_transport, IP-based grants for skip_name_resolve).

Example

ALTER USER 'app_user'@'%' IDENTIFIED BY 'StrongPassword'; RENAME USER 'app_user'@'%' TO 'app_user'@'10.0.0.%';

Generated from the MySQL Advisor documentation build. Dynamic Yes/No reflects the excerpt aligned with Oracle MySQL 8.4 reference material consumed by this project.