Hi, You have a terrible problem. If your competitors can copy your database it is the fault of your ISP. The ISP should not give them access to your files. This is possible. If your ISP will not do this get another ISP in another country that will do this.
If your competitors are users of your system have them sign a contract before they can use your system. The contract should state that your users can not copy your software and they can not compete against you for a period of time after they are no longer your customers. If you are using a scripting language see if you can compile it. PHP has the Zend compiler. This will keep your competitors from easily stealing your code. It will also allow you to add code to protect your application from easily being pirated. John Griffin -----Original Message----- From: Dyego Souza do Carmo [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 1:58 PM To: Jeremy Tinley Cc: [EMAIL PROTECTED] Subject: Re[2]: The Security of MySQL Respondendo, quarta-feira, 26 de fevereiro de 2003, 14:46:45, Mensagem Original: JT> Why does a user on your system have access to rename the database? Your JT> database files should be readable only by the user that your database is JT> running as. I work with notary officers on "brazil" ... and my product i sell ! , the "users" (competitors) can be "copy" my system to sell to other users... this is terrible to my software house... the MySQL is not prepared for this ? JT> Why don't you post more information about your OS and installation so that JT> users can help you secure your site. T JT> I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem... JT> My users is "hacking the database" because the MySQL system tables are JT> stored in .MYD format and to "hack database" is simple , only rename JT> the database and "copy" the blank database... restart MySQL and the JT> permissions is FULL FOR ALL USERS... JT> Exists in MySQL routines to ENCRYPT tables ? or the data inside tables JT> ? JT> the functions like ENCODE and DECODE print a "password" in log file ( JT> IN CLEAR TEXT) ....and this is terrible for me ! JT> Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is JT> same without the clause. JT> Please MySQL-Team and users... The security of MySQL is too simple ? JT> only rename and the database is "opened for world" ? JT> please help in advance ;) JT> Tanks !!!!!!!! JT> Tanks very much !!!! ------------------------------------------------------------------------- ++ Dyego Souza do Carmo ++ Dep. Desenvolvimento ------------------------------------------------------------------------- E S C R I B A I N F O R M A T I C A ------------------------------------------------------------------------- The only stupid question is the unasked one (somewhere in Linux's HowTo) Linux registred user : #230601 -- ICQ : 221602060 $ look into "my eyes" Phone : +55 041 296-2311 r.112 look: cannot open my eyes Fax : +55 041 296-6640 ------------------------------------------------------------------------- Reply: [EMAIL PROTECTED] --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
