
Ensure No Anonymous Accounts Exist


Anonymous accounts are users with an empty username ('') and no password.


Anyone, including unidentified, untrusted and/or malicious users, can use anonymous accounts to connect to the server. Removing them helps ensure that only identified and trusted users can interact with MySQL servers.
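One way to audit for and remove such accounts directly on the server, added here as an example and not part of the original rule page. It assumes MySQL 5.7 or later (where `mysql.user` has the `authentication_string` column) and an account that may read the `mysql` schema and drop users; the host values in step 4 are constructed placeholders.

```sql
-- 1. List anonymous accounts (empty User) and whether any credential is set.
SELECT User,
       Host,
       plugin,
       (authentication_string IS NULL OR authentication_string = '') AS no_password
FROM mysql.user
WHERE User = '';

-- 2. List database-level privileges held by anonymous accounts.
--    DROP USER removes these rows together with the account.
SELECT Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv
FROM mysql.db
WHERE User = '';

-- 3. Generate one DROP USER statement per anonymous account.
--    QUOTE() escapes the host value, so unusual host patterns stay safe to paste.
SELECT CONCAT('DROP USER ', QUOTE(User), '@', QUOTE(Host), ';') AS remediation
FROM mysql.user
WHERE User = '';

-- 4. Run the generated statements. The hosts below are constructed
--    placeholders; use the Host values returned by step 1.
DROP USER ''@'localhost';
DROP USER ''@'%';

-- 5. Verify: the count must be 0 for the rule to pass.
SELECT COUNT(*) AS anonymous_accounts
FROM mysql.user
WHERE User = '';
```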

Applies To

  • Databases


This rule is applied when the following tags are present:

| Tag | With Value |
| --- | --- |
| secureclouddb/provider | aws |
| secureclouddb/service | rds |
| secureclouddb/engine | mysql |

Default Rule

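// isEmpty and isEmptyArray are helpers supplied through `module`
const { isEmpty, isEmptyArray } = module;

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {Object} result object; success is true if no user has an empty username
 */
function validate(databaseSettings) {
  let success = true;

  if (databaseSettings && !isEmptyArray(databaseSettings.users)) {
    // look for users with empty username
    // The last condition of this filter is cut off on the page; the check below
    // assumes the snapshot exposes the mysql.user "User" column as `User`.
    const anonymousUsers = databaseSettings.users.filter(user => user.mysql &&
                                                        user.mysql.usersTableSnapshot &&
                                                        isEmpty(user.mysql.usersTableSnapshot.User));

    success = isEmptyArray(anonymousUsers);
  }

  // The returned object is also cut off on the page; only the success flag is assumed here.
  return { success };
}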

// invoke