Vicon's profile image Vicon posted 2 weeks ago in General Permalink

Hello, good morning, I have a big question, although I know it is a basic one. When the server requires HeidiSQL to manage and has no password, for example, someone logs in with the user "root" and leaves the password field empty, using localhost, is this dangerous? Can someone connect through another HeidiSQL by pointing to the IP, or is there any way for someone to connect to HeidiSQL and access this database just by the IP because it has no password? It is the user root and the password field is empty?

ansgar's profile image ansgar posted 2 weeks ago Permalink

Yes, an empty password is insecure. Do not create users without a password.

The server may be secured by other ways, for instance a firewall, or without network access, to make it safer. But it's always a good practice to use passwords.

JAB Creations's profile image JAB Creations posted 5 days ago Permalink

Please create threads with useful titles. In example: "Is an empty password for localhost insecure?" as people searching for the same answer may come across your thread.

Please login to leave a reply, or register at first.