Hi, The problem is not with MySQL. The problem is with the users having access to the database files. Lock up the directory that the files are stored in so that only user MySQL and the administrator (root) can access them. Also, revoke the privileges of any user, other than MySQL and the administrator, to start or stop the MySQL server process. If it is possible, remove all user access to the box your database is running on.
John Griffin -----Original Message----- From: Dyego Souza do Carmo [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 12:13 PM To: [EMAIL PROTECTED] Subject: The Security of MySQL I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem... My users is "hacking the database" because the MySQL system tables are stored in .MYD format and to "hack database" is simple , only rename the database and "copy" the blank database... restart MySQL and the permissions is FULL FOR ALL USERS... Exists in MySQL routines to ENCRYPT tables ? or the data inside tables ? the functions like ENCODE and DECODE print a "password" in log file ( IN CLEAR TEXT) ....and this is terrible for me ! Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is same without the clause. Please MySQL-Team and users... The security of MySQL is too simple ? only rename and the database is "opened for world" ? please help in advance ;) Tanks !!!!!!!! Tanks very much !!!! sql,query,innodb,mysql ------------------------------------------------------------------------- ++ Dyego Souza do Carmo ++ Dep. Desenvolvimento ------------------------------------------------------------------------- E S C R I B A I N F O R M A T I C A ------------------------------------------------------------------------- The only stupid question is the unasked one (somewhere in Linux's HowTo) Linux registred user : #230601 -- ICQ : 221602060 $ look into "my eyes" Phone : +55 041 296-2311 r.112 look: cannot open my eyes Fax : +55 041 296-6640 ------------------------------------------------------------------------- Reply: [EMAIL PROTECTED] --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
