What admin tools do you have for the db? PhpMyAdmin? something else? Many of those can be used to create additional user accounts with more limited restricitions.

Bastien

From: "Shay" <[EMAIL PROTECTED]>
Reply-To: "Shay" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] Given only one mySQL user account by Host Company
Date: Sun, 23 Jan 2005 03:03:26 -0700

My hosting company gave me one database and one root user account, and I
have no access for priviliges at all. So as far as I can tell, the only way
for me to connect to the database on my site is to do a
mysql_connect("host", "user", "pass"), where the user and pass are the ones
for this one super account.

Is this a major security concern or what? Is there a way around this, or a
way to minimize security problems? I've emailed them about this, and they
act like they have no clue what I'm talking about:

>I'm not trying to hide files or directories, I'm talking about when I use
>PHP and make a connection to the database using mysql_connect("host",
>"user", "pass"). This script is what is in my webpages that connects to the
>DB and retrieves data to print for users. Is there an anonymous account to
>use for retrieving data, or can I make one?
>


Then the program or script you are using should have means
for your users to access permitted areas. And there is no
anonymous account, there is only your own account Db

Now. Hosting company provide your site with tool for you to use your
own programs and it's up to you which programs and how you use them.
Our job is to make sure the tool is working. Other than that, we do not
provide support for scripts and the programs you are using.

If you having problems to use some programs then you need to get
in touch with developers and find what need to be done and how.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to