Re: Given only one mySQL user account by Host Company

[Doug Thompson <dthompson@xxxxxxxxxxxxx>]

Without the ability to update the database "mysql", your suggestion doesn't work.
Just to confirm, here is a quick check to perform locally.

1.  Log in as root.
2.  Create DB "test" and user "test" with all privileges with grant option on only database "test".
   (grant all privileges on test.* to 'test'@'localhost' identified by 'password' with grant option;)
3.  Log out and reconnect with userid 'test'.  Note that your top level db is now "test".
4.  Create a table "testtable" in db "test"
5.  Attempt to create new user "foo" with (any) privileges on test.testtable.  
   You will receive the following error message:   "Error Code : 1044
   Access denied for user: 'test@localhost' to database 'mysql'"

Shay is in the same boat as user "test."

Doug


Bastien Koert wrote:
> Another thought on this:
>
> Even though you don't have access via phpmyadmin to get to the users 
> table, could you try to create users/grant privileges via straight sql 
> thur the PMA sql window?
>
> ie
>
> grant select, insert, update to 'bob'@'localhost' on mysql.users 
> indentified by password('my_pass');
>
> bastien
>
>
>
> > From: Doug Thompson <dthompson@xxxxxxxxxxxxx>
> > To: Shay <mastershay@xxxxxxxxxxx>
> > CC: php-db@xxxxxxxxxxxxx
> > Subject: Re:  Given only one mySQL user account by Host Company
> > Date: Sun, 23 Jan 2005 15:51:41 -0700
> >
> >
> > Shay wrote:
> >
> > > Yes they gave me phpMyAdmin to use, and no, I have no access to the 
> > > user/privilege table. So the only way to output database entries is 
> > > to connect with the single super account they gave me.
> >
> > Principally, this means you cannot allocate user accounts for mysql.  
> > No big deal unless you have a business model that calls for that.  In 
> > which case, refer to my first comment in my original reply.
> >
> > > I have a question about what you said Doug:
> > >
> > >
> > > > Use INCLUDEs for the login portions of the script(s) and place them 
> > > > in a protected directory.  If >you are unable to protect directories 
> > > > (.htaccess) with this host, they are begging for trouble and 
> > > > >victimizing their subscribers.
> > >
> > >
> > >
> > >
> > > In other words, call on an external function to connect to the 
> > > database, and place the file with this function in a directory that 
> > > is .htaccess protected. Is this correct? I do have a separate file 
> > > with a database connect function that all the pages on my site use, I 
> > > just don't have it in a .htaccess protected directory.
> > Exactly right. The objective is to make it more difficult to hack the 
> > mysql login info.
> >
> > Doug
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php