Re: permissions - again

Nicole Lancaster Mon, 30 Jul 2001 14:40:31 -0700

----- Original Message -----
From: Carsten H. Pedersen <[EMAIL PROTECTED]>
To: Robert Roberts <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, July 28, 2001 6:31 PM
Subject: RE: permissions - again


> > My assumption:
> > mysql> GRANT SELECT, INSERT, UPDATE ON client_db.*
> >             TO db_user@localhost IDENTIFIED BY 'password';
> >
> > Now this is where I get a bit confused. It's not clear to me where the
> > client is connecting from. I assume they are connecting from  localhost
> > because everything is all on the same server. But:
>
> The PHP script will usually connect from/to localhost, yes.
>
> > ---are they, in actuality, connecting from their own virtual host, "
> > [EMAIL PROTECTED] "?
>
> I shouldn't think so. But why don't you let them try it
> out? The error message returned will usually something along
> the lines of "Access denied for [EMAIL PROTECTED] (using
> password: YES)" - that will tell you, how MySQL thinks the
> user is conecting.
>
> > ---they are connecting from a remote machine, so are they, then,
> > connecting
> > from some other host?
>
> Err... methinks, that's rather obvious: Yes.
>
> > ---if they are connecting from a remote machine with a dial-up
connection,
> > then it is undoubtedly a dynamic IP address, so there would be no
> > consistent
> > "host" to connect from.
>
> No, and while you cannot lock this problem down completely,
> you can at least limit the size of the opening between the
> gateposts: MySQL allows you to specify only parts of an IP
> mask as the host (something like "db_user"@"192.168.%.%" --
> I forget the exact syntax; it's in  the manual). Once you know the
> possible range of IPs their ISP provides, you can limit the
> database access to these.
>
> / Carsten
> --
> Carsten H. Pedersen
> keeper and maintainer of the bitbybit.dk MySQL FAQ
> http://www.bitbybit.dk/mysqlfaq
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail
<[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: permissions - again

Reply via email to
