Hi,

    I'd like to add to the "security flaw" thread with my own experience.
I have been hosting MySQL databases for over 2 years and on a few occasions
have had user databases disappear.

    Last month one of my admin databases was dropped.  The only user who has
access to that database is root (me) and even after double-checking all my
scripts/code and database/table permissions I was unable to determine how it
was done.  I was able to track down the culprit and asked him how he did it.
He replied:

  "When use MySQL-Front (version 2.5) as client to connect to 4.x version
MySQL server, any users (even without any granted rights) can drop any
databases. I guess there is a horrible security hole exist in MySQL 4.x
version."

I don't really understand this client-side exploit; nevertheless, the
database WAS dropped and that is how he told me he did it.  Is this a red
herring (false lead)?  If it is true, is this exploit being addressed?


Regards,
Gary "SuperID" Huntress
=======================================================
FreeSQL.org offering free database hosting to developers
Visit http://www.freesql.org

