Alan McKinnon wrote:
On Monday 13 April 2009 22:10:20 Mick wrote:
Hi All,
I am not sure if I am alarming myself unnecessarily, but this is what I
observed:
Login as e.g. mick; (this is a unix acccount)
mysql -u root -p
Enter password: XXXXXX
mysql> GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE VIEW, INDEX,
INSERT, SELECT, UPDATE ON database1.* TO 'db_user1'@'localhost' IDENTIFIED
BY 'passwd1';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql>quit
Now if I login into database1 as db_user1 and then press the up arrow key
at the mysql> prompt I end up seeing all the previous commands that I ran
as root, including the 'passwd1'!!!
Isn't this a rather serious security problem? How could I do it
differently?
Not at all. What you are seeing when pressing the up arrow is not commands
stored by MySQl, but commands stored by your shell. It's complex to explain,
so bear with me:
I don't know about complicated.
cd
more .mysql_history
Works just like .bash_history
kashani
