Respondendo, quarta-feira, 26 de fevereiro de 2003, 14:46:45, Mensagem Original:
JT> Why does a user on your system have access to rename the database? Your JT> database files should be readable only by the user that your database is JT> running as. I work with notary officers on "brazil" ... and my product i sell ! , the "users" (competitors) can be "copy" my system to sell to other users... this is terrible to my software house... the MySQL is not prepared for this ? JT> Why don't you post more information about your OS and installation so that JT> users can help you secure your site. T JT> I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem... JT> My users is "hacking the database" because the MySQL system tables are JT> stored in .MYD format and to "hack database" is simple , only rename JT> the database and "copy" the blank database... restart MySQL and the JT> permissions is FULL FOR ALL USERS... JT> Exists in MySQL routines to ENCRYPT tables ? or the data inside tables JT> ? JT> the functions like ENCODE and DECODE print a "password" in log file ( JT> IN CLEAR TEXT) ....and this is terrible for me ! JT> Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is JT> same without the clause. JT> Please MySQL-Team and users... The security of MySQL is too simple ? JT> only rename and the database is "opened for world" ? JT> please help in advance ;) JT> Tanks !!!!!!!! JT> Tanks very much !!!! ------------------------------------------------------------------------- ++ Dyego Souza do Carmo ++ Dep. Desenvolvimento ------------------------------------------------------------------------- E S C R I B A I N F O R M A T I C A ------------------------------------------------------------------------- The only stupid question is the unasked one (somewhere in Linux's HowTo) Linux registred user : #230601 -- ICQ : 221602060 $ look into "my eyes" Phone : +55 041 296-2311 r.112 look: cannot open my eyes Fax : +55 041 296-6640 ------------------------------------------------------------------------- Reply: [EMAIL PROTECTED] --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php