RE: The Security of MySQL

Thu, 27 Feb 2003 08:32:19 -0800 

Are you using Windows?  If so, this root/mysql user talk will be
meaningless.  You can still make the directory secure and only touchable
by the user that mysql is running as.  Is this what you need?



> -----Original Message-----
> From: Dyego Souza do Carmo [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, February 26, 2003 12:13 PM
> To: [EMAIL PROTECTED]
> Subject: The Security of MySQL
> 
> 
> 
> 
> I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem...
> My users is "hacking the database" because the MySQL system tables are
> stored in .MYD format and to "hack database" is simple , only rename
> the database and "copy" the blank database... restart MySQL and the
> permissions is FULL FOR ALL USERS...
> 
> 
> Exists in MySQL routines to ENCRYPT tables ? or the data inside tables
> ?
> 
> the functions like ENCODE and DECODE print a "password" in log file (
> IN CLEAR TEXT) ....and this is terrible for me !
> 
> Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is
> same without the clause.
> 
> 
> Please MySQL-Team and users... The security of MySQL is too simple ?
> only rename and the database is "opened for world" ?
> 
> please help in advance ;)
> 
> 
> Tanks !!!!!!!!
> Tanks very much !!!!
> 
> 
> 
> 
> sql,query,innodb,mysql
> 
> 
> 
> 
> --------------------------------------------------------------
> -----------
>   ++  Dyego Souza do Carmo   ++           Dep. Desenvolvimento   
> --------------------------------------------------------------
> -----------
>                  E S C R I B A   I N F O R M A T I C A
> --------------------------------------------------------------
> -----------
> The only stupid question is the unasked one (somewhere in 
> Linux's HowTo)
> Linux registred user : #230601
> --                                        ICQ   : 221602060   
>                          
> $ look into "my eyes"                     Phone : +55 041 
> 296-2311  r.112            
> look: cannot open my eyes                 Fax   : +55 041 
> 296-6640        
> --------------------------------------------------------------
> -----------
>                Reply: [EMAIL PROTECTED]
> 
> 
> 




---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to