In infinite wisdom Jerry Schwartz je...@gii.co.jp wrote:
Back when this was a day-to-day concern of mine, I used to check CERT's
website (the section now known as their Vulnerability Notes Database,
http://www.kb.cert.org/vuls).
If securing the database is your job, then you really need to
que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
From: wult...@gmail.com
Date: Mon, 24 May 2010 13:45:35 -0700
Subject: Re: Security issues
To: mgai...@hotmail.com
CC: je...@gii.co.jp; mysql
Back when this was a day-to-day concern of mine, I used to check CERT's
website (the section now known as their Vulnerability Notes Database,
http://www.kb.cert.org/vuls). Unfortunately, I see that the last entry for
MySQL is from years ago.
Regards,
Jerry Schwartz
Global Information
-Original Message-
From: Rob Wultsch [mailto:wult...@gmail.com]
Sent: Saturday, May 22, 2010 11:52 AM
To: Martin Gainty
Cc: mysql@lists.mysql.com
Subject: Re: Security issues
On Sat, May 22, 2010 at 5:44 AM, Martin Gainty mgai...@hotmail.com wrote:
Good Morning Rob-
one vulnerability
On Mon, May 24, 2010 at 12:07 PM, Jerry Schwartz je...@gii.co.jp wrote:
-Original Message-
From: Rob Wultsch [mailto:wult...@gmail.com]
Sent: Saturday, May 22, 2010 11:52 AM
To: Martin Gainty
Cc: mysql@lists.mysql.com
Subject: Re: Security issues
On Sat, May 22, 2010 at 5:44 AM, Martin
, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
From: wult...@gmail.com
Date: Mon, 24 May 2010 13:27:52 -0700
Subject: Re: Security issues
To: je...@gii.co.jp
CC: mgai...@hotmail.com; mysql@lists.mysql.com
On Mon, May 24, 2010 at 12:07 PM, Jerry Schwartz je
On Mon, May 24, 2010 at 1:42 PM, Martin Gainty mgai...@hotmail.com wrote:
Good Afternoon Rob-
if you're implementing either glassfish or weblogic webserver
your best fit solution would be Oracle Identity Manager
there are 'other' identity solutions such as RSA which are
1)far more complex
Good Morning Rob-
one vulnerability (with UDFs)
http://dev.mysql.com/tech-resources/articles/security_alert.html
a manager considering a enterprise-wide security solution may want to consider
Oracle Identity Manager (with Glassfish 3.2)
On Sat, May 22, 2010 at 5:44 AM, Martin Gainty mgai...@hotmail.com wrote:
Good Morning Rob-
one vulnerability (with UDFs)
http://dev.mysql.com/tech-resources/articles/security_alert.html
a manager considering a enterprise-wide security solution may want
to consider Oracle Identity Manager
You could use CVE, Postgre's security page doesn't seem to sync with their
CVE entries, even though they reference CVE entries on their comprehensive
security page.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=postgresql
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mysql
JW
On Sat, May
At 2:51 PM -0500 3/19/08, Brown, Charles wrote:
I inherited a mysql server database. Stuff are not documented. My
question is: Are there any security work-arounds in mysql. I have access
to the cnf file. I need to get in and dump the database. I was told that
the cnf file allows security over
Hi,
On 3/19/08 3:51 PM, Brown, Charles [EMAIL PROTECTED] wrote:
I inherited a mysql server database. Stuff are not documented. My
question is: Are there any security work-arounds in mysql. I have access
to the cnf file. I need to get in and dump the database. I was told that
the cnf file
On Wed, Mar 19, 2008 at 3:51 PM, Brown, Charles [EMAIL PROTECTED] wrote:
I inherited a mysql server database. Stuff are not documented. My
question is: Are there any security work-arounds in mysql. I have access
to the cnf file. I need to get in and dump the database. I was told that
the
Hi Adrian,
On 8/25/06, Adrian Greeman [EMAIL PROTECTED] wrote:
The security settings could not be applied to the database because the ..
I am pasting here the text of one of my earlier posts to this list:
I got MySQL 5.0.22 running successfully
On Mon, Jun 05, 2006 at 10:16:05PM -0700, Ken Williams wrote:
Anyone know if 4.0.27 will be fixed for the mysql_real_escape issue?
(http://lists.mysql.com/announce/364)
4.1 and 5 have been already, kinda wondering why 4.0 hasn't.
It will not, because 4.0 does not have this bug.
Jim Winstead
If it's a DoS attack then perhaps you should be speaking to your ISP and
getting that resolved rather than trying to work around the problem on
your side of things!
Having said that, you could possibly impose host level restrictions in
MySQL, but that could be a lot of work to modify your
[EMAIL PROTECTED] wrote:
MySQL has moved WELL past the 3.23.x lineage and is getting close to
retiring the 4.0.x lineage (it's only a rumor). So I suggest you update
Not completely a rumor; on August 2, Heikki wrote: As far as I know,
one release of 4.0 will still be built.
Considering the
Alejandro [EMAIL PROTECTED] wrote on 08/16/2005 03:01:59 PM:
Hi,
I have installed binary mysql version 3.23.58 downloaded from
www.mysql.org.
In changelog from the documentation say that the release is from
september 2003 and the security bug is in March 2005.
What can I do ? How mysql
I agree with you,
I will upgrade .
Thanks for the advice.
On 8/16/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Alejandro [EMAIL PROTECTED] wrote on 08/16/2005 03:01:59 PM:
Hi,
I have installed binary mysql version 3.23.58 downloaded from
www.mysql.org.
In changelog
Chris W wrote:
In an effort to make sure no binary data is maliciously submitted via a
form I have code the makes sure all characters in any input field are
with in the range of a space to a ~. However now that I am getting
some users of my site from Europe, that are having problems submitting
Ginger,
can't speak to the log file issue but check out this
link for the dynamic server variables:
http://dev.mysql.com/doc/mysql/en/Dynamic_System_Variables.html
Best O'luck,
Tripp
--- Ginger Cheng [EMAIL PROTECTED] wrote:
Hello, MySQL gurus,
Sometimes the 'local' option of 'load
It depends on the variable. Can you give an example of the variable you are
trying to set?
As far as the load data infile, I believe it depends on how your database
will be accessed.
If you have a need for remote administration or are working with
geographically separated databases then the
a to see transactions that pertain
to him/her.
Many thanks.
- Original Message -
From: Mike Johnson [EMAIL PROTECTED]
To: MySQL [EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 4:55 PM
Subject: RE: Security
From: Maru, Mulugeta [mailto:[EMAIL PROTECTED]
When I go online
Thank you very much. Makes sense.
- Original Message -
From: Curtis Maurand [EMAIL PROTECTED]
To: Mulugeta Maru [EMAIL PROTECTED]
Cc: Mike Johnson [EMAIL PROTECTED]; MySQL [EMAIL PROTECTED]
Sent: Friday, March 12, 2004 1:17 PM
Subject: Re: Security
Usernames, passwords
You've been perfectly clear. The MySQL permission system will not define this
level of security. You must design you application so that it will only give
access to the rows that pertain to the customer that is logged in. Create a
MySQL user which can read and write to your database. Then
From: Mulugeta Maru [mailto:[EMAIL PROTECTED]
Hi Mike,
I am sorry for the confusion I might have caused. May be it
would help to give a clear example.
Table - Customers (CustomerID, CustomerName, Address, etc)
Table - Transaction(TransactionID,CustomerID,Date,Amount)
Note:
- Original Message -
From: Paul Rigor [EMAIL PROTECTED]
To: Mulugeta Maru [EMAIL PROTECTED]; MySQL [EMAIL PROTECTED]
Sent: Tuesday, March 09, 2004 7:46 PM
Subject: Re: Security
Heya,
Those are the default databases that comes with the setup. the mysql
database holds info on mysql
Only being able to see certain rows is not a function of MySQL, it is a
function of the application you write for the user to access the database.
If a user has permission to read a table, they can read all rows. It is up
to your application to make sure they are only seeing rows that apply
or not and run another query to get all
transaction that match my account number.
Do I make sense?
-Original Message-
From: Joshua J. Kugler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 5:34 PM
To: Mulugeta Maru; MySQL
Subject: Re: Security
Only being able to see certain rows
From: Maru, Mulugeta [mailto:[EMAIL PROTECTED]
When I go online to access my bank account I only see
transactions pertain to my account only. I think when ever I
make a transaction the database records my account number in
the transaction table. When I log-in using my account number
and
: Joshua J. Kugler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 5:34 PM
To: Mulugeta Maru; MySQL
Subject: Re: Security
Only being able to see certain rows is not a function of MySQL, it is a
function of the application you write for the user to access the database.
If a user has
is that
customer A is able to modify customer B's record.
In short how would you restrict customer a to see transactions that pertain
to him/her.
Many thanks.
- Original Message -
From: Mike Johnson [EMAIL PROTECTED]
To: MySQL [EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 4:55 PM
Subject: RE
At 20:39 -0600 3/10/04, Mulugeta Maru wrote:
Hi Mike,
I am sorry for the confusion I might have caused. May be it would help to
give a clear example.
Table - Customers (CustomerID, CustomerName, Address, etc)
Table - Transaction(TransactionID,CustomerID,Date,Amount)
Note: CustomerID in Customer
Heya,
Those are the default databases that comes with the setup. the mysql
database holds info on mysql accounts. the test is an empty
database. You should create a new database CREATE DATABASE customers
then use customers... after that... you can setup the tables you mentioned.
Goodluck!
: Tuesday, March 09, 2004 7:46 PM
Subject: Re: Security
Heya,
Those are the default databases that comes with the setup. the mysql
database holds info on mysql accounts. the test is an empty
database. You should create a new database CREATE DATABASE customers
then use customers... after
On Wed, 2004-01-14 at 13:32, Chris W wrote:
Are there many php or mysql configuration considerations for making the
site secure? I have already done the obvious with my sql and set up the
grant tables with passwords for all users and removed the [EMAIL PROTECTED] user.
Give the MySQL user
would not be too significant?
Best regards,
Andy
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 13:22
To: [EMAIL PROTECTED]
Subject: RE: Security Question
Importance: High
thanks for reply - the requirement comes from a security audit -
so
Hi!
On Nov 27, DeBug wrote:
- Someone copies the DB files to another box, starts a mysql
instance, loads the DB and presto - views the 'private' data !!!
PD Sure. That's why you establish filesystem level access privileges so that
PD only the mysql user can copy them in the first place.
Thomas,
I am trying to find a solution to the following security issue with MySql DB on linux
- Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!!
Well, someone should not have access rights to the DB files on the
first
If there is no solution to this then MySql should not be used on internet accessible
boxes for dynamic web sites
Thomas
-Original Message-
From: Fagyal, Csongor [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 12:51
To: Curley, Thomas
Cc: [EMAIL PROTECTED]
Subject: Re: Security Question
Thomas,
I
On Wednesday 26 November 2003 13:22, Curley, Thomas wrote:
Another Assumption
--
Encrypting / decrypting all data on the fly would be too expensive and
grind the app to a halt
So the question again :-
Any ideas on how to avoid having data files stored with absolutely
:51
To: Curley, Thomas
Cc: [EMAIL PROTECTED]
Subject: Re: Security Question
Thomas,
I am trying to find a solution to the following security issue with MySql
DB on linux
- Someone copies the DB files to another box, starts a mysql instance,
loads the DB and presto - views the 'private
, the more
roadblocks you put between a potential hacker and your sensitive data, the
better.
-M
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: RE: Security Question
Importance: High
thanks for reply
PROTECTED]
Sent: 26 November 2003 13:36
To: Curley, Thomas; [EMAIL PROTECTED]
Subject: RE: Security Question
One of the first things that I did at my former job was to turn off all
external-facing network adapters to our DB machines. If you're fortunate
enough that your DB resides on it's own box
On Wednesday 26 November 2003 13:43, Curley, Thomas wrote:
Mike
Correct and this is the architecture. The internet facing box has a
routable IP, the DB box is separate and is not ext routable.
The issue the security review highlighted strongly was the fact that if a
hacker got access to
To the chap who siad its not a DB issue - I will check with Oracle but I'm
sure that dropping in a directory in oracle will not give you full access
to a database (a clear one that is)
The chap was me :-) I'm sure it does on oracle. Once you have an Oracle
installation and got hold of all
Hacker gets in this way:
-[Webserver][rooted]-[DBServer][rooted]-File_Access(/var/lib/mysql/database)
I'd say the major security breach is already when the Webserver is rooted.^
If he gets to your webserver he could still read WHATEVER DATA he wants from
your database with the information he
Hi!
On Nov 26, Curley, Thomas wrote:
thanks for reply - the requirement comes from a security audit - so
try to think in terms of a hacker
Obviously and (I had assumed)
1.- the files would have tight unix security file permissions
applied
2.- indeed the key would be stored on an
Stefan Kuhn wrote:
To the chap who siad its not a DB issue - I will check with Oracle but I'm
sure that dropping in a directory in oracle will not give you full access
to a database (a clear one that is)
The chap was me :-) I'm sure it does on oracle. Once you have an Oracle
installation
At 07:22 AM 11/26/2003, you wrote:
Another Assumption
--
Encrypting / decrypting all data on the fly would be too expensive and
grind the app to a halt
Not true. There are some databases that can encrypt records on the fly
without any speed degradation ( 1%) using either
Curley, Thomas wrote:
I am trying to find a solution to the following security issue with MySql DB on linux
- Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!!
As all the other posters have mentioned, you should have
At 16:13 -0500 11/26/03, Kevin Carlson wrote:
Curley, Thomas wrote:
I am trying to find a solution to the following security issue with
MySql DB on linux
- Someone copies the DB files to another box, starts a mysql
instance, loads the DB and presto - views the 'private' data !!!
As all the
At 03:21 PM 11/26/2003, you wrote:
If someone can copy your database files, you're hosed. All the attacker
need do is start the server with --skip-grant-tables, and he can can
connect to it with no password, and has complete access to any files
managed by the server.
Paul Curley,
If you give access rights to a user on a DB, he will always be able to
see the table structure. This is how it is implemented in MySQL (which
does not mean that I like this).
Cheers
/rudy
-Original Message-
From: QWERTY [mailto:[EMAIL PROTECTED]
Sent: maandag 4 augustus 2003
PROTECTED]
Gesendet: Montag, 4. August 2003 14:50
Betreff: RE: Security related! Not possible to hide table structure. I couldn't
find. ?
If you give access rights to a user on a DB, he will always be able to
see the table structure. This is how it is implemented in MySQL (which
does not mean that I
From the fine manual:
4.2 General Security Issues and the MySQL Access Privilege System
MySQL has an advanced but non-standard security/privilege system. This
section describes how it works.
http://www.mysql.com/doc/en/Privilege_system.html
Brian McCain
- Original Message -
From:
Read the section of the manual on table types.
Different table drivers offer differnt types of locking.
ISAM and MYISAM don't,
but BDB and INNODB types offer different types of row and or page locking.
[EMAIL PROTECTED] wrote:
Hello,
I would like to know if MySQL allows for record locking.
cwilli14,
Tuesday, December 03, 2002, 10:03:06 PM, you wrote:
cardrdc This also does not enable me to upload a data file. My resulting SQL
cardrdc statement reads:
cardrdc LOAD DATA LOCAL '/tmp/phpgPhl51' INTO TABLE test FIELDS TERMINATED BY ','
cardrdc ENCLOSED BY '' ESCAPED BY '\\' LINES
Chris,
Tuesday, December 03, 2002, 6:58:39 AM, you wrote:
CW I developed a PHP application where users can update a mySQL table using
CW LOAD DATA. Recently I installed this application on another web server where
CW the File Permissions have been set such that this method of uploading data
CW is
5:50 AM
Subject: re: Security issues with LOAD DATA
Chris,
Tuesday, December 03, 2002, 6:58:39 AM, you wrote:
CW I developed a PHP application where users can update a mySQL table
using
CW LOAD DATA. Recently I installed this application on another web server
where
CW the File Permissions
Daniel,
Monday, October 28, 2002, 1:06:10 AM, you wrote:
DLS In my mysql.db file, I have some lines like:
DLS %.private | somedb | someuser | Y | Y | Y | Y | Y | Y | N | Y | Y | Y
DLS So, I have an internal domain called private, those hosts are in an
DLS internal DNS, and can be reverse
At 5:54 -0500 10/17/02, Terry Cheryl Haimann wrote:
I was reading a book at BN yesterday which left me with the
impression that in MySQL you can do the following:
What book was this?
Define a group with specific security access.
Then define a list of users that inherit this groups security
I belive it will work in Windows
Insane
- Original Message -
From: Terry Cheryl Haimann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 17, 2002 4:24 PM
Subject: Security
I was reading a book at BN yesterday which left me with the impression
that in MySQL you can do
Hello.
On Wed 2002-10-02 at 09:49:30 -0400, [EMAIL PROTECTED] wrote:
Hi! I found a security bug on mysqlgui-win32-static-1.7.5-2. When I
install it on my desktop (win2k), I setup a password for the
database.
What does setup a password for the database mean? Passwords are not
per-database
Hi!
On Oct 01, Plesk Support wrote:
Any user in mysql can create as many databases as he wants.
Create a user with 1 database, and let him create database with name
my_data_base. Log into mysql console as user and run command:
CREATE DATABASE my?data?base;
New database will be
At 16:53 -0700 9/24/02, Tom Emerson wrote:
Being new to MySQL, it took a while to grok how security works. Now that
I have a bit of a better understanding, a mental revalation is coming to
the surface of my mind: since mysql users are NOT unix/windows-domain
users, is the root user truly needed
Daniel's,
Friday, August 30, 2002, 3:11:17 AM, you wrote:
DsL *This message was transferred with a trial version of CommuniGate(tm) Pro*
DsL I installed Mac OS X 10.2 this last weekend and since then I've been
DsL having some problems with the security on the MySQL files. I thought
DsL that I
Mike,
Thursday, August 15, 2002, 12:45:06 AM, you wrote:
MH Hi there,
MH I posted this a few days ago and recieved no responses, so I thought I would
MH post it again:
Mike, I answered you yesterday.
MH Hi All;
MH I am working on a front end to my database, but I am running into a bit of
MH
At 15:24 -0300 7/26/02, Anderson Pereira Ataides wrote:
Why should I close port 3306 used by mysql? What would happen if a hacker use
this port?
You may want to close it at your firewall, if you want to allow the server
to be used only by machines on the local side of the firewall. That will
Pada Fri, 26 Jul 2002 15:24:58 -0300
Anderson Pereira Ataides [EMAIL PROTECTED] menulis :
Why should I close port 3306 used by mysql? What would happen if a hacker use
this port?
Hemmm ... if you close the port 3306, so where do you put the mysqld to LISTEN on ?
Well, if you considering the
Hi.
On Fri 2002-07-26 at 15:24:58 -0300, [EMAIL PROTECTED] wrote:
Why should I close port 3306 used by mysql? What would happen if a
hacker use this port?
You should close it (as far as reasonable only, of course), simply,
because you lose nothing, but gain an additional layer a malicious
On Tue, 11 Jun 2002, MikeParton wrote:
Where in the MySQL docs does it discuss DES_ENCRYPT/DES_DECRYPT support?
Alternatively (and I am posting this to the php lists), anyone know where,
or if, I can get pre-compiled libmcrypt library for php 4.2.1?
On Tue, 11 Jun 2002, Ray wrote:
looking for something like
encrypt(str, protected_str)
and
decrypt (crypt_str, private_str)
and probably a make_key_pair()
its not a vital part of my current project, but i'm sure someone will get
cracked into (again) and then there will be another wave
PROTECTED]
Sent: Tuesday, June 11, 2002 4:16 PM
Subject: Re: security paranoia
On Tue, 11 Jun 2002, Ray wrote:
looking for something like
encrypt(str, protected_str)
and
decrypt (crypt_str, private_str)
and probably a make_key_pair()
its not a vital part of my current project
John:
Since you host your application(s) with your ISP, don't worry about it. It's a
useful and valid question, but you're not in a position to address it completely
while security is in control of someone beside yourself.
Look here to make yourself better educated about MySQL security:
Since you are using a hosted database you probably can't change any of the
security. What I would do is create a table of usernames and passwords
(and any other releveant user data). When your users login, check their
password and proceed accordingly.
Craig
At 02:44 AM 4/8/2002, you wrote:
Philip,
you should explicitly specify host/password in the GRANT statement, like
this:
GRANT ALL ON xxx.* TO user@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
This way the user will only granted access from the specified host, you
don't need to manually INSERT into the user table.
On Tue, Feb 19, 2002 at 04:39:10PM +0100, Peter Banik wrote:
you should explicitly specify host/password in the GRANT statement, like
this:
GRANT ALL ON xxx.* TO user@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
This way the user will only granted access from the specified
»Philip Mak« sagte am 2002-02-19 um 10:25:38 -0500 :
One thing's been bothering me for a while: When I create a user and
database in MySQL, the user always ends up with an extra entry with
host='%' and password=''. How is this happening? This is how I create
a new database and user:
mysql
-Original Message-
From: BD [mailto:[EMAIL PROTECTED]]
Sent: 18 February 2002 21:31
To: [EMAIL PROTECTED]
Subject: Security concerns on webserver with PHP InnoDB
I'm creating a web application with MySQL, PHP, InnoDB and I need to know
whether I should split the one large
You can usually try providing an empty -p parameter and be asked for the
password afterwards.
Bogdan
Philip Mak wrote:
As far as I can tell, mysqlhotcopy does not provide a way of specifying
the password anywhere other than the command line (e.g. it doesn't seem
to read .my.cnf).
On Sun, 30 Dec 2001, Bogdan Stancescu wrote:
You can usually try providing an empty -p parameter and be asked for the
password afterwards.
Doesn't seem to work:
[mysql@lina mysql]$ mysqlhotcopy -u root -p test .
DBI-connect(;host=localhost;mysql_read_default_group=mysqlhotcopy)
failed:
mysqlhotcopy -uroot -p test .
Philip Mak wrote:
On Sun, 30 Dec 2001, Bogdan Stancescu wrote:
You can usually try providing an empty -p parameter and be asked for the
password afterwards.
Doesn't seem to work:
[mysql@lina mysql]$ mysqlhotcopy -u root -p test .
Ooops! Sorry, I tested it and it doesn't work! Sorry for misleading you... ;-)
Bogdan
Bogdan Stancescu wrote:
mysqlhotcopy -uroot -p test .
Philip Mak wrote:
On Sun, 30 Dec 2001, Bogdan Stancescu wrote:
You can usually try providing an empty -p parameter and be asked for the
Jack writes:
1. What should i do if i want to limit the user which can only edit the
record belongs to him/her. i mean user can only update to his own record but
not the others!!
This sort of security is best handled at the application level. If
you don't want your users to access the
try driver vbmysql.dll at www.icarz.com/mysql/index.html
SF
At 16:00 24/8/2001 +0800, Jason Kwok wrote:
Hi,
I want to write a program with VB in win98 box and connect to mySQL in
Linux. I think the only way to do is to connect thru ODBC with myODBC. But
with using ODBC, all ID password
Hi!
Sinisa == Sinisa Milivojevic [EMAIL PROTECTED] writes:
Sinisa Robert Cross writes:
I've got a wierd problem with 3.23.38, built from source, running on RedHat
v6.2 (Intel). Put simply the wildcard character for user access doesn't
work. From my reading of the docs any of the
Robert Cross writes:
I've got a wierd problem with 3.23.38, built from source, running on RedHat
v6.2 (Intel). Put simply the wildcard character for user access doesn't
work. From my reading of the docs any of the following:
grant all on mtdb.* to user1 identified by bozo1;
I wrote:
I've got a wierd problem with 3.23.38, built from source, running on
RedHat
v6.2 (Intel). Put simply the wildcard character for user access doesn't
work. From my reading of the docs any of the following:
grant all on mtdb.* to user1 identified by bozo1;
grant all on
Robert Cross writes:
I wrote:
Try first granting USAGE on *.* to both users with 'identified by ...'
and then try granting database rights.
Thanks Sinisa, that works perfectly. I've now got a wonderful small and
fast database
that I can let the users into!
Bob Cross.
You are
C:\mysql grant all on *.* to administrator@sara identified by delboy
Try this:
C:\mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 463668 to server version: 3.23.39-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql grant all on
Hello.
On Wed, Jun 20, 2001 at 12:36:28PM +0100, [EMAIL PROTECTED] wrote:
Hi folks,
How come I can access databases on my server using an illegal username and
password combination with the MySQL GUI? The username and password are valid
on the server but should only work on localhost and I
Dear Y'all -
Paul DuBois writes:
At 9:53 AM -0400 5/9/01, Brian Cuttler wrote:
The developers that want to use the database would like ownership
of the files and daemon so that they can modify and restart at will.
Tell them to pick one of their accounts to be used for running the
At 9:53 AM -0400 5/9/01, Brian Cuttler wrote:
Hello,
We are installing MySQL 3.22.21 as pre-built for IRIX, installing
on IRIX 6.5.7m.
The developers that want to use the database would like ownership
of the files and daemon so that they can modify and restart at will.
Tell them to pick one of
I haven't read Mysql's authorization mechanism from Paul's book, but from the Oreilly
book and it was pretty comprehensive and intuitive. I suggest you borrow that book
from your local library or buy it.
To try to write here about how it works would be a waste of time for both of us. It is
Ashley,
Are you using the GRANT statement?
That is the easiest way to get it right.
Read up on the GRANT SQL statement. Look at the examples...
Using regular inserts into the mysql database, can cause improper input into
the tables, which can (from personal experience) cause mysqld to not run.
"Thalis A. Kalfigopoulos" wrote:
I haven't read Mysql's authorization mechanism from Paul's book, but from the
Oreilly book and it was pretty comprehensive and intuitive. I suggest you borrow that
book from your local library or buy it.
Ya, it's already on its way...(the book that is).
There's some good documentation (a lot of it in the form of 'warnings') on
security aspects of the "mysql" database.
http://mysql.com/documentation/mysql/bychapter/manual_Privilege_system.html#Privilege_system
But, here's some quick notes:
Anyone who has 'modify' permissions to the
"Ashley M. Kirchner" wrote:
Okay, I'm about to rip my hair out trying to figure this out, and I
thought before I start looking for a gun, maybe I should ask..
I need someone to explain the 'mysql' database to me. I've tried
reading about it, tried different settings, but I'm
On 4/9/01 10:12 AM, "Burke Patrick" [EMAIL PROTECTED] wrote:
Hi Lindsay,
maybe you can help me?
I am trying to give a user SELECT access to just one table in my database.
If I don't give him SELECT privileges in the mysql.user table or mysql.db
table, he cannot even login to the
1 - 100 of 110 matches
Mail list logo