SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Hybrid View

  1. #1
    SitePoint Enthusiast Griffinpp's Avatar
    Join Date
    Aug 2001
    Location
    Gainesville, FL
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mySQL security (was in db development forum)

    Sorry for the cross-post, but there wasn't much response at the db development forum (there don't seem to be many people over there). Here's the issues:

    1. I've been fooling with mysql's user privilege system today, and I was wondering if there is a way to change the default user that mysql uses when someone just runs mysql, i.e.:

    c:\mysql\bin\mysql

    when I run mysql this way, there is no prompt for a password, it just dumps me straight to the mysql> prompt. The thing is that it seems to be using the root account, since I can do just about anything, including edit the mysql.user table. Any way to change this so that it prompts for a user name and password, or am I just being paranoid?



    2. I have a user "webuser" that is used for web connections. I have explicitly revoked drop and create privileges from webuser (among others):

    revoke drop on *.* from webuser;
    revoke create on *.* from webuser;

    and yet I can create and drop databases at will when I log in as webuser. Why don't the privileges apply?
    -Paul Griffin

  2. #2
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i was gonna reply in the other forum... anyway, see my post in the following thread to see how to get the default MySQL installation secure: http://www.sitepointforums.com/showt...threadid=44330
    - Matt ** Ignore old signature for now... **
    Dr.BB - Highly optimized to be 2-3x faster than the "Big 3."
    "Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR

  3. #3
    SitePoint Enthusiast Griffinpp's Avatar
    Join Date
    Aug 2001
    Location
    Gainesville, FL
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Great! That takes care of problem #1, anyone know what the deal is with #2? I've made sure to flush privileges after changing access rights, but I can still create and drop databases under that user name.
    -Paul Griffin

  4. #4
    SitePoint Enthusiast Griffinpp's Avatar
    Join Date
    Aug 2001
    Location
    Gainesville, FL
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Anyone? Sorry to bump this, but it's bugging me that account used by web logins can create and drop databases. That shouldn't happen under any circumstances, and I can't figure out how to disallow it.
    -Paul Griffin


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •