Hi!
On Oct 01, Plesk Support wrote:
> Any user in mysql can create as many databases as he wants.
> Create a user with 1 database, and let him create database with name
> "my_data_base". Log into mysql console as user and run command:
>
> CREATE DATABASE "my?data?base";
>
> New database will be created and user can create tables and use it as normal
> database. You can also create "my?data_base", "my_data?base", or try
> to use *,$, #, a-z, A-Z.... and other symbols instead of underlines "_" ...
>
> I've just tried to log into MySQL console as usual non-privileged user with
> N,N,N,N... permissions in "mysql.user" and tried to create some base with
> another names -- no permissons error. However I COULD create 5 databases
> with names similar to "my_data_base"... I can operate them (as this
> user) without
> problems. Seems like huge hole in our MySQL (or MySQL at all).
No, it is not.
As noted in the manual
("Access Control, Stage 2: Request Verification" section),
mysql.db and mysql.host tables accept
wildcards in Db and Host fields of either table.
We will add a note to GRANT section to make it more clear, thank you for
the hint.
Regards,
Sergei
--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
