[Midgard] Midgard + MySQL privileges.

Anders Karlsson Sun, 17 Jan 1999 05:42:37 -0800
I have a few questions regarding midgard + MySQL and security.
Me and Michael Ed is trying to secure a BOX as midgard demo.
When we set no permissons to the user midgard in mysql.db we still can
update the fields
in the database. Is midgard bypassing th MySQL privilegesystem?

We are running the system on an RedHat 6.1 BOX with MySQL 3.22.27 and
midgard 1.2.5

The dump from mysql.user:

INSERT INTO user VALUES
('localhost','midgard','7665a2ee092047e5','N','N','N','N','N','N','N','N','N','N','N','N','N','N');

And mysql.tables_priv:

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','article','root@localhost',19991119171009,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','element','root@localhost',19991119171049,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','file','root@localhost',19991119171110,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','image','root@localhost',19991119171146,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','page','root@localhost',19991119171153,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','pageelement','root@localhost',19991119171206,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','preference','root@localhost',19991119171224,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','style','root@localhost',19991119171237,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','topic','root@localhost',19991119171245,'Select,Insert,Update,Delete','');

INSERT INTO tables_priv VALUES
('localhost','midgard','midgard','host','root@localhost',19991119171906,'Select','');

Any thoughts ???

Regards

Anders Karlsson


--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org

To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
[Midgard] Midgard + MySQL privileges.

Reply via email to
