Rolf Hopkins wrote:
>
> What you have just described means that database permissions have not been
> set up correctly and your ISP has left himself wide open for all kinds of
> attacks and I'm not just talking about attacks on the database itself but
> also attacks on the whole system. Ie access
t;[EMAIL PROTECTED]>
To: "clay bond" <[EMAIL PROTECTED]>
Cc: "mysql@lists. mysql. com" <[EMAIL PROTECTED]>
Sent: Tuesday, February 13, 2001 21:18
Subject: Re: Shell Shocking
> Problem is that most ISPs can't afford a competent DBA...;(
>
> clay
Absolutely this is nothing short of bad adminingIbet you could scag in their
passwd file and has root access in short order...;( And of course the ISP will blame
mysql if anything happens to them though...lazy bad ISP
cheers,
mikel
Donald Korth wrote:
> Hello
>
> The hosting company
Problem is that most ISPs can't afford a competent DBA...;(
clay bond wrote:
> On Tue, 13 Feb 2001, Donald Korth wrote:
>
> > The hosting company has given me a user name and passwd . When i log into my own
>site thro' a telnet session i 'm able to view all the databases created in the server
On Tue, 13 Feb 2001, Donald Korth wrote:
> The hosting company has given me a user name and passwd . When i log into my own
>site thro' a telnet session i 'm able to view all the databases created in the server
>that includes DBs not created by me . I also did a "USE DB" command to connect t
Donald,
Poor administration of the server or incorrect privileges assigned to your user
account.
Donald Korth wrote:
> Hello
>
> The hosting company has given me a user name and passwd . When i log into my own
>site thro' a telnet session i 'm able to view all the databases created in t
Hello
The hosting company has given me a user name and passwd . When i log into my own site
thro' a telnet session i 'm able to view all the databases created in the server that
includes DBs not created by me . I also did a "USE DB" command to connect to a DB
that wasn't mine . Also "Sho