From: Tonu Samuel
Date: August 24 2000 3:18pm
Subject: Re: Security alert: phpmyadmin
List-Archive: http://lists.mysql.com/mysql/48820
Message-Id: <39A53CE1.99EC61F2@mysql.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Van wrote:

> Thanks for the heads up.  Should it matter that someone could make a modified
> client for this user if the following are in place?
> 
> 1.      Firewall on MySQL port to DENY all but trusted hosts;
> 2.      No grants for this user except localhost;

running MySQL server with flag --skip-networking even more effective :).
Seriously.

> 3.      Only grant is select on mysql.user for the user in PHPMyAdmin.


-- 
+----------------------------------------------------------------+
| TcX  ____  __     _____   _____  ___                           |
|     /*/\*\/\*\   /*/ \*\ /*/ \*\ |*|     Tõnu Samuel           |
|    /*/ /*/ /*/   \*\_   |*|   |*||*|     tonu@stripped        |
|   /*/ /*/ /*/\*\/*/  \*\|*|   |*||*|     Tallinn, Estonia      |
|  /*/     /*/  /*/\*\_/*/ \*\_/*/ |*|____                       |
|  ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^                      |
|             /*/             \*\                Developers Team |
+----------------------------------------------------------------+