
Re: [cobalt-users] Creating databases using phpMyAdmin



On 1.10.2001 14:24, Nell Bolen at nell@xxxxxxxxxxxxxx wrote:

> 
> 
> Marco Baurdoux wrote:
> 
>> On 1.10.2001 8:43, Daniel Treadwell at daniel@xxxxxxxxxxx wrote:
>> 
>>> one word; phpMyAdmin http://www.phpwizard.net/projects/phpMyAdmin/
>>> 
>>> your users can create their own stuff without you having to give them full
>>> shell access...
>>> 
>>> HTH
>> 
>> Hi Daniel,
>> The problem if you use phpMyAdmin to create new MySQL databases is that all
>> your customers have the same username and password, so this means that one
>> customer can view the content of another customer.
>> 
>> Now, I don't believe that your customers will be really happy with this.
>> With the solution I proposed every user has its own database, its own
>> username and own password.
>> 
>> so only the root user of the mysql database can view all the databases.
>> 
> 
> Have set up a MySQL server that seems to work. The privilege tables in mysql
> allow domain customers to connect as "localhost" but only to their own
> databases and tables. Have tried it out using different customers'
> usernames/passwords, and when I do, I can view only the databases specific to
> a certain username/password. A web interface to the mysql databases, too, will
> allow me to work with only a specific database when using customers'
> usernames/passwords. Is this what you refer to above?

Yes, absolutely.
This solution will prevent customer A from viewing the databases of customer B.
That was exactly what I wrote before. If you have one customer who would
like to store private data in his MySQL database (Oink, wrong answer: don't
store sensitive stuff in a MySQL database without encrypting it), I'm sure that
he would not appreciate another person being able to peek into his
database.


> 
> Am new at this. Have read somewhat about the privilege system, but would
> appreciate your views about the safety of how I've set this up. Only root can
> create databases and has all privileges. Each database gets a
> username/password. Users have only the first six privileges. Have also set up
> a simple web interface for customers to use to manipulate the tables in their
> databases. On the log in page, all databases are listed, but further progress
> depends upon which username/password the customer uses. This interface allows
> only connection to one database, customer specific. Does this setup sound
> secure to you? Thank you for any comments and pointers.

Personally,
I use phpMyAdmin (as most of us do, I believe, since it's an absolute
reference). By applying the solution I provided in my previous postings, your
customers will have a "secure" database. If you use the advanced authentication,
your customers shouldn't even be able to see the other databases, because
knowing which databases are on a machine can be the starting point for someone
to try and hack you. (The less your people know about your server settings,
the better it is for your safety, but don't count on this!!!)

If you wish, I can send you the "phpMySQLAdmin" I use in our standard
set-up. But for that, please contact me off-list.

> 
> Regards, Nell Bolen
> nell@xxxxxxxxxxxxxx
> 
>
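
The setup discussed in this thread (one MySQL account per customer, restricted to that customer's own database, with only root holding global rights), as an added example that is not part of the original messages. Database names, account names and passwords are constructed placeholders; the privilege list assumes "the first six privileges" means the first six privilege columns of the MySQL grant tables; the syntax is that of current MySQL releases.

```sql
-- Added example; all names and passwords below are constructed placeholders.

-- Run as root: one database and one account per customer.
CREATE DATABASE cust_a_db;
CREATE DATABASE cust_b_db;

CREATE USER 'customer_a'@'localhost' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_A';
CREATE USER 'customer_b'@'localhost' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_B';

-- Database-level grants only: nothing ON *.*, no GRANT OPTION, no FILE.
-- Assumption: these are the "first six privileges" mentioned in the thread.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP
    ON cust_a_db.* TO 'customer_a'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP
    ON cust_b_db.* TO 'customer_b'@'localhost';

-- Check 1: what a customer account can actually do.
SHOW GRANTS FOR 'customer_a'@'localhost';

-- Check 2: accounts holding any of these privileges globally (ON *.*).
-- Only root should be returned; a shared account of the kind the thread
-- warns about would show up here.
SELECT User, Host
  FROM mysql.user
 WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv,
               Create_priv, Drop_priv, Grant_priv, File_priv);

-- Check 3: accounts with grants on more than one database.
-- A per-customer account should appear in mysql.db exactly once.
SELECT User, Host, COUNT(*) AS databases_granted
  FROM mysql.db
 GROUP BY User, Host
HAVING COUNT(*) > 1;

-- Check 4: anonymous accounts, which let anyone on localhost connect.
SELECT User, Host FROM mysql.user WHERE User = '';

-- Logged in as customer_a, SHOW DATABASES lists cust_a_db but not cust_b_db,
-- because the account has no global SHOW DATABASES privilege.
```

Checks 2 to 4 are worth re-running after every account change, since a single grant made ON *.* instead of on one database undoes the separation between customers.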