If you're using Ubuntu and you have MySQL installed, couldn't anyone do anything to your database using root?

I mean couldn't they just log in as root and do as they please, since root has no password?

I hope I'm just being paranoid.

I dont think you are being paranoid. If there truly is no password by default on Ubuntu systems then the whole system is at risk not just mysql.

So do you really think it's a flaw? What can/should be done?

Just log onto your system as root and run passwd to set a password.

You can't log onto the system as root. Root is disabled. But I can log into MySQL as root.

Does that even make sense? Can I delete root from MySQL?

Oh well isn't there a way to change the passwords for MySQL?

Ahh, I just came across an old threat that suggests the use of phpmyadmin. I am going to try that now.

I havent tried that program in years, but it was very handy way back when.