List:General Discussion« Previous MessageNext Message »
From:Christopher R. Jones Date:December 17 1999 8:49pm
Subject:Re: Create/Delete issues with membership systems
View as plain text  
Right you are, if you want a user to be able to create or drop tables, then
that user can also create, drop databases - a very dangerous security
problem.  For example, a user could drop the mysql user table!


>My understanding is that there are no separate create/delete priviledges for
>database separate from tables.
>
>Can anyone clarify or explain ways around allowing a user to delete another
>users database in a membership web service environment? Do I have to deny
>create/delete permissions to users because of the likelyhood of trashing
>other users property? Can I impose a destination path prefix for any creates
>done by a specific user?
>
>Thanks, Paul
>
>---------------------------------------------------------------------
>Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
>posting. To request this thread, e-mail mysql-thread21555@stripped
>
>To unsubscribe, send a message to the address shown in the
>List-Unsubscribe header of this message. If you cannot see it,
>e-mail mysql-unsubscribe@stripped instead.
>
>
>
Christopher R. Jones, P.Eng.
14 Oneida Avenue
Toronto, Ontario M5J 2E3
Tel. 416 203-7465
Fax. 416 203-3044
Email cj@stripped


Thread
Create/Delete issues with membership systemsPaul Gayeski17 Dec
  • Re: Create/Delete issues with membership systemsSasha Pachev18 Dec
Re: Create/Delete issues with membership systemsChristopher R. Jones17 Dec
  • Re: Create/Delete issues with membership systemsMatthew Vanecek18 Dec
Re: Create/Delete issues with membership systemsChristopher R. Jones18 Dec