Description: Any user in mysql can create as many databases as he wants. Create a user with 1 database, and let him create database with name "my_data_base". Log into mysql console as user and run command:
CREATE DATABASE "my?data?base"; New database will be created and user can create tables and use it as normal database. You can also create "my?data_base", "my_data?base", or try to use *,$, #, a-z, A-Z.... and other symbols instead of underlines "_" ... I've just tried to log into MySQL console as usual non-privileged user with N,N,N,N... permissions in "mysql.user" and tried to create some base with another names -- no permissons error. However I COULD create 5 databases with names similar to "my_data_base"... I can operate them (as this user) without problems. Seems like huge hole in our MySQL (or MySQL at all). >How-To-Repeat: >Fix: >Submitter-Id: <submitter ID> >Originator: Organization: Plesk Inc, > >MySQL support: [none | licence | email support | extended email support ] Synopsis: Any user in mysql can create as many databases as he wants. Severity: critical Priority: high Category: mysql >Class: Release: mysql-3.23.46 (Source distribution) >Environment: System: Linux abe.plesk.ru 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown Architecture: i686 Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc GCC: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98) Compilation info: CC='gcc' CFLAGS='-O2 -march=i386 -mcpu=i586 -fPIC' CXX='c++' CXXFLAGS=' -O2 -march=i386 -mcpu=i586 -fPIC' LDFLAGS='' LIBC: lrwxrwxrwx 1 root root 13 áÐÒ 18 21:36 /lib/libc.so.6 -> libc-2.2.4.so -rwxr-xr-x 1 root root 1282588 óÅÎ 5 2001 /lib/libc-2.2.4.so -rw-r--r-- 1 root root 27304836 óÅÎ 5 2001 /usr/lib/libc.a -rw-r--r-- 1 root root 178 óÅÎ 5 2001 /usr/lib/libc.so lrwxrwxrwx 1 root root 10 éÀÌ 23 23:58 /usr/lib/libc-client.a -> c-client.a Configure command: ./configure --without-x --disable-assembler --disable-shared --enable-large-files --without-perl --without-debug --without-bench --without-docs --with-readline --with-mysqld-user=mysql --with-low-memory --prefix=/usr/local/psa/mysql --with-named-curses-libs=/usr/lib/libncurses.a --with-named-z-libs=/usr/lib/libz.a --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php