Re[2]: The Security of MySQL

Wed, 26 Feb 2003 10:58:35 -0800 

Respondendo,
quarta-feira, 26 de fevereiro de 2003, 14:46:45, Mensagem Original:

JT> Why does a user on your system have access to rename the database?  Your
JT> database files should be readable only by the user that your database is
JT> running as.
I work with notary officers on "brazil" ... and my product i sell ! , the "users"
(competitors) can be "copy" my system to sell to other users... this
is terrible to my software house... the MySQL is not prepared for this
?

JT> Why don't you post more information about your OS and installation so that
JT> users can help you secure your site.
T

JT> I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem...
JT> My users is "hacking the database" because the MySQL system tables are
JT> stored in .MYD format and to "hack database" is simple , only rename
JT> the database and "copy" the blank database... restart MySQL and the
JT> permissions is FULL FOR ALL USERS...
JT> Exists in MySQL routines to ENCRYPT tables ? or the data inside tables
JT> ?
JT> the functions like ENCODE and DECODE print a "password" in log file (
JT> IN CLEAR TEXT) ....and this is terrible for me !
JT> Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is
JT> same without the clause.
JT> Please MySQL-Team and users... The security of MySQL is too simple ?
JT> only rename and the database is "opened for world" ?
JT> please help in advance ;)
JT> Tanks !!!!!!!!
JT> Tanks very much !!!!





-------------------------------------------------------------------------
  ++  Dyego Souza do Carmo   ++           Dep. Desenvolvimento   
-------------------------------------------------------------------------
                 E S C R I B A   I N F O R M A T I C A
-------------------------------------------------------------------------
The only stupid question is the unasked one (somewhere in Linux's HowTo)
Linux registred user : #230601
--                                        ICQ   : 221602060                            
$ look into "my eyes"                     Phone : +55 041 296-2311  r.112            
look: cannot open my eyes                 Fax   : +55 041 296-6640        
-------------------------------------------------------------------------
               Reply: [EMAIL PROTECTED]



---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to