If you mean use % for the host in the user table, that has the
negative consequence that they can connect to the mysql server from
any machine on the internet; e.g. they can do
mysql -p -u dentry -h hishost
Since they're not specifying a databse they can get this basic
connection to the server. If they were to somehow know the user name
(for example, a disgruntled former employee) they could use this to do
a brute-force password search.
From: "Jason Brooke" <[EMAIL PROTECTED]>
To: "Rusty Wright" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: only 1 entry per user in user table?
Date: Wed, 11 Apr 2001 09:42:58 +1000
Did you try using % for the host instead?
> I'm trying to set it up so that I have only 1 entry per user in my
> mysql user table. My users will have the same privileges regardless
> of what host they come in from. There's only 1 database they'll be
> working with. There are 2 users, user "dentry" can add and edit
> information in the database named "mydb" and user "dbuser" can only
> look at information in the database.
>
> The following setup works. What I don't like about it is that I had
> to add a entries to the mysql user table for localhost so that they
> can connect locally as well as remotely. Ordinarily it will be
> localhost connections (via php).
>
> Notice that I'm using blank or empty values for the host in the mysql
> user table as well as the mysql db table so that the mysql host table
> is what controls where they can connect from.
>
> In order to avoid having 2 entries in the user table, can I have just
> 1 entry and use the % wildcard for the host? Then use the empty host
> in the db table and let the host table control what hosts they come in
> from?
>
> # data entry user; can edit and add to database.
> insert into user
> (Host, User, Password)
> values('', 'dentry', password('pw1'));
> insert into user
> (Host, User, Password)
> values('localhost', 'dentry', password('pw1'));
> # user of the database; can only do selects.
> insert into user
> (Host, User, Password)
> values('', 'dbuser', password('pw2'));
> insert into user
> (Host, User, Password)
> values('localhost', 'dbuser', password('pw2'));
>
> insert into db
> (Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
> Create_priv)
> values('', 'mydb', 'dentry', 'y', 'y', 'y', 'y', 'y');
> insert into db
> (Host, Db, User, Select_priv)
> values('', 'mydb', 'dbuser', 'y');
>
> insert into host
> (Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv)
> values('host1', 'mydb', 'y', 'y', 'y', 'y', 'y');
> insert into host
> (Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv)
> values('host2', 'mydb', 'y', 'y', 'y', 'y', 'y');
> insert into host
> (Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv)
> values('localhost', 'mydb', 'y', 'y', 'y', 'y', 'y');
>
> flush privileges;
>
> ---------------------------------------------------------------------
> Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
