I have some what of a security issue that I can't seem to solve.

I run php4 and MySQL on a FreeBSD server with Apache 1.3 as the webserver
and have users that I allow access to there personal database. (example:
user johndoe uses database johndoe).

I can configure "johndoe" so he can only have access to his database and
tables with in his database however they can still use MySQL functions like
mysql_list_db to see all databases. They can't alter or read them, but it
seem to me being able to display
all database names could cause a problem.

Has anyone had this same problem, and if so is there a way to stop any php
user with a mysql account to view all database?

Help Please, Thanks!

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to