Shay definitely has bad hosting.
the guy wants a seperate mysql user with readonly privileges on his DB which is good practice. only ...
his hostingco. has given him a single DB and a single user a/c. no doubt they manage their system via a webinterface - when every they add a customer, they check the box marked "add MySQL DB to hosting package" and click go. I bet that Shay does not have access to the MySQL system tables - like he said, the user a/c he has been given any grant privileges (at least that what I think he meant)
Bastien Koert wrote:
What admin tools do you have for the db? PhpMyAdmin? something else? Many of those can be used to create additional user accounts with more limited restricitions.
Bastien
From: "Shay" <mastershay@xxxxxxxxxxx> Reply-To: "Shay" <mastershay@xxxxxxxxxxx> To: php-db@xxxxxxxxxxxxx Subject: Given only one mySQL user account by Host Company Date: Sun, 23 Jan 2005 03:03:26 -0700
My hosting company gave me one database and one root user account, and I
have no access for priviliges at all. So as far as I can tell, the only way
for me to connect to the database on my site is to do a
mysql_connect("host", "user", "pass"), where the user and pass are the ones
for this one super account.
Is this a major security concern or what? Is there a way around this, or a
way to minimize security problems? I've emailed them about this, and they
act like they have no clue what I'm talking about:
>I'm not trying to hide files or directories, I'm talking about when I use
>PHP and make a connection to the database using mysql_connect("host",
>"user", "pass"). This script is what is in my webpages that connects to the
>DB and retrieves data to print for users. Is there an anonymous account to
>use for retrieving data, or can I make one?
>
Then the program or script you are using should have means for your users to access permitted areas. And there is no anonymous account, there is only your own account Db
Now. Hosting company provide your site with tool for you to use your own programs and it's up to you which programs and how you use them. Our job is to make sure the tool is working. Other than that, we do not provide support for scripts and the programs you are using.
If you having problems to use some programs then you need to get in touch with developers and find what need to be done and how.
boilerplate idiots.
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
