Without the ability to update the database "mysql", your suggestion doesn't 
Just to confirm, here is a quick check to perform locally.

1. Log in as root.
2. Create DB "test" and user "test" with all privileges with grant option on only database "test".
(grant all privileges on test.* to 'test'@'localhost' identified by 'password' with grant option;)
3. Log out and reconnect with userid 'test'. Note that your top level db is now "test".
4. Create a table "testtable" in db "test"
5. Attempt to create new user "foo" with (any) privileges on test.testtable. You will receive the following error message: "Error Code : 1044
Access denied for user: '[EMAIL PROTECTED]' to database 'mysql'"

Shay is in the same boat as user "test."


Bastien Koert wrote:
Another thought on this:

Even though you don't have access via phpmyadmin to get to the users table, could you try to create users/grant privileges via straight sql thur the PMA sql window?


grant select, insert, update to 'bob'@'localhost' on mysql.users indentified by password('my_pass');


From: Doug Thompson <[EMAIL PROTECTED]>
CC: php-db@lists.php.net
Subject: Re: [PHP-DB] Given only one mySQL user account by Host Company
Date: Sun, 23 Jan 2005 15:51:41 -0700

Shay wrote:

Yes they gave me phpMyAdmin to use, and no, I have no access to the user/privilege table. So the only way to output database entries is to connect with the single super account they gave me.

Principally, this means you cannot allocate user accounts for mysql. No big deal unless you have a business model that calls for that. In which case, refer to my first comment in my original reply.

I have a question about what you said Doug:

Use INCLUDEs for the login portions of the script(s) and place them in a protected directory. If >you are unable to protect directories (.htaccess) with this host, they are begging for trouble and >victimizing their subscribers.

In other words, call on an external function to connect to the database, and place the file with this function in a directory that is .htaccess protected. Is this correct? I do have a separate file with a database connect function that all the pages on my site use, I just don't have it in a .htaccess protected directory.

Exactly right. The objective is to make it more difficult to hack the mysql login info.


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to