Re: The Security of MySQL

Wed, 26 Feb 2003 10:20:46 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dyego Souza do Carmo wrote: 

I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem...
My users is "hacking the database" because the MySQL system tables are
stored in .MYD format and to "hack database" is simple , only rename
the database and "copy" the blank database... restart MySQL and the
permissions is FULL FOR ALL USERS...


Exists in MySQL routines to ENCRYPT tables ? or the data inside tables
?

the functions like ENCODE and DECODE print a "password" in log file (
IN CLEAR TEXT) ....and this is terrible for me !

Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is
same without the clause.


Please MySQL-Team and users... The security of MySQL is too simple ?
only rename and the database is "opened for world" ?

please help in advance ;)

You should use the filesystem security your operating system provides to prevent common users from copying the database files. The directory that the database files resides in only needs to allow access by the user that the MySQL server is running as. If you do this, only users who know the MySQL user's password can 'copy' the databases.

-Mark


- -- MySQL 2003 Users Conference -> http://www.mysql.com/events/uc2003/

For technical support contracts, visit https://order.mysql.com/?ref=mmma

    __  ___     ___ ____  __
   /  |/  /_ __/ __/ __ \/ /  Mark Matthews <[EMAIL PROTECTED]>
  / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Full-Time Developer - JDBC/Java
 /_/  /_/\_, /___/\___\_\___/ Flossmoor (Chicago), IL USA
        <___/ www.mysql.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.90 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+XP/YtvXNTca6JD8RAk/6AKCb8+zk4nZ2FtJUSOaSe6IPLTBYwACfWXSy
7F+JTMjYwP1uP+DVaUL0+1U=
=BC0R
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to