Quote
I found that the customer's application has been using the skip-grant-tables option, ...
Oh Good Grief.
Quote
... and that all the code where the database is connected does not specify a username and password.
Have the "Developers" of this Application ever heard of "Security"?? Database or otherwise?
I
could use words like "Pathetic", but I'll restrain myself.
Quote
The database version is MySQL 5.1.
As you already know, this prehistoric version has been unsupported (a.k.a. "Dead and Buried" for almost a decade, now.
At least they're [finally]
thinking about upgrading.
Quote
Prior to MySQL 8.0.3, skip-networking was not enabled using the skip-grant-tables option. In older versions of MySQL, what was the primary use of the skip-grant-tables option?
Same as it is now.
It allows users to connect to the database and access
any table without any security restrictions. The idea would be to go into the database and
fix whatever problem forced you to do this in the first place.
MySQL has now [rightly] decided that operating the database in this "wide open" fashion is
so dangerous that they will no longer allow "remote" connections to a database running in this way. Only the DBA (i.e. you), running
locally on the database server, is allowed in).
As far as I know, there is no way around this.
The "Developers" of this application are in for a nasty shock.
They now have to "retrofit" security into the
mess that they've created, which will
not be easy - but hey; that's not your problem.
Simply tell then - quote truthfully - that they
must change their Application code to work with [proper] database security
before you can upgrade the database.