Re: The Security of MySQL

[gerald_clark]

If the databases are owned by mysql.mysql, how can this happen?
You don't allow users to become the mysql user, do you?
Dyego Souza do Carmo wrote:

I'm using MySQL-Pro+InnoDB 4.0.11 and i have a BIG problem...
My users is "hacking the database" because the MySQL system tables are
stored in .MYD format and to "hack database" is simple , only rename
the database and "copy" the blank database... restart MySQL and the
permissions is FULL FOR ALL USERS...
Exists in MySQL routines to ENCRYPT tables ? or the data inside tables
?
the functions like ENCODE and DECODE print a "password" in log file (
IN CLEAR TEXT) ....and this is terrible for me !
Exists the PASSWORD on CREATE TABLE STATEMENT but i'm using and is
same without the clause.
Please MySQL-Team and users... The security of MySQL is too simple ?
only rename and the database is "opened for world" ?
please help in advance ;)

Tanks !!!!!!!!
Tanks very much !!!!


sql,query,innodb,mysql



-------------------------------------------------------------------------
 ++  Dyego Souza do Carmo   ++           Dep. Desenvolvimento   
-------------------------------------------------------------------------
                E S C R I B A   I N F O R M A T I C A
-------------------------------------------------------------------------
The only stupid question is the unasked one (somewhere in Linux's HowTo)
Linux registred user : #230601
--                                        ICQ   : 221602060                            
$ look into "my eyes"                     Phone : +55 041 296-2311  r.112            
look: cannot open my eyes                 Fax   : +55 041 296-6640        
-------------------------------------------------------------------------
              Reply: [EMAIL PROTECTED]



---------------------------------------------------------------------
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/           (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
 



---------------------------------------------------------------------
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/           (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php