they can't access them! are you sure about that?
indeed, if a user is logged on to the web host, he is acting in the
environment imposed by the operating system on the user session. in this
case, the other databases - given that the correct permissions are
established - can not be accessed.
but consider the case where the database is accessed thru a web page.
Dubois briefly discusses this topic in MySQL.
Now the user - any user - is running as whatever the web page server is
running as. so if user A wants to provide web access to his database, the
login name and password must be available to the user that the web page
server runs as.
so i can write a script, invoke it thru the web server and read user A's
cnf file which gives me his login name and password. I just got access.
I'm trying to figure out a solution to this problem. If anyone has a
solution, i would really appreciate the answer.
I have a solution to prevent modifying the database, but it is really ugly
- full of security holes. i do not have a solution to prevent reading the
database.
my web host is running linux with an apache web server.
thanks
At 04:54 AM 7/7/01 -0600, you wrote:
>Why does it matter? They can't access them, so what harm is there?
>
> > I am sure that it has been asked before. I am running a
> > hosting company
> > and I am running mysql on a win2k server.
> > We don't want any customer to see other db's of any other customer, we
> > just want them to see their own db's only. But even if you connect with a
> > username who has access to only one db, when you type "show databases" you
> > can see all other databases easily.
> >
> > Is there any solution to this problem?
> >
> > Omer Barlas
> > [EMAIL PROTECTED]
> > www.emedia.gen.tr
>
>
>---------------------------------------------------------------------
>Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
>To request this thread, e-mail <[EMAIL PROTECTED]>
>To unsubscribe, e-mail
><[EMAIL PROTECTED]>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
----------
tom marlin
[EMAIL PROTECTED]
fax / voice mail: 714 507 3802 ext 4881
Never be afraid to try something new. Remember that
- amateurs built the ark.
- professionals built the Titanic.