I'm using MySQL as the db for Drupal (PHP-based CMS), on shared hosting. There
are repeated errors because the db user does not have permission for LOCK 
TABLES, which Drupal uses.

The ISP says that they don't grant this permission because ...

"MySQL has a bug which allows users with GrantTables* the ability to view the 
Database names of all other databases on the server. Whilst the users can not 
see any other data, knowing the names of tables can facilitate attacks."

(* = I assume they meant 'Lock Tables')

However I can't find any mention of this in the bugs db, nor is it listed in 
the manual as a side effect of granting 'lock tables' permissions.

Does anyone know if it is a bug or not? Does anyone know whether LOCK TABLES 
really is a security risk in a shared server / multi-user environment?

TIA,
James Harvard

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql