From: Gary B. <ga...@in...> - 2001-09-16 22:59:17
On Sun, 16 Sep 2001, Steve Wainstead wrote:

> On Mon, 10 Sep 2001, Marjorie Roswell wrote:
>
> > Seems to me that the directions should add "CREATE" permissions along
> > with the select, insert, update, and delete that are provided in the
> > INSTALL.mysql.
> >
> > Am I right about that?
>
> You may be right... read on:

I meant to reply to this a while ago, but I too spent a lot of time
watching TV and then got food poisoning and spent most of the weekend
vomiting :-(

I think that INSTALL.mysql should say "-uroot -p" instead of "-uuser
-ppassword", since _all_ of the stuff mentioned in there should be done as
the MySQL user. Okay, if someone has set up another user to have CREATE
and GRANT permissions then they can use another user, but then anyone who
has set that up should know how to do it anyway ;-)

The session should look like:

    % mysqladmin -uroot -p create phpwiki
    Enter password: PrEtTySeKrEt
    % mysql -uroot -p
    Enter password: PrEtTySeKrEt
    Welcome to the MySQL monitor. Blah blah blah

    mysql> GRANT select, insert, update, delete
        -> ON phpwiki.*
        -> TO wikiuser@localhost
        -> IDENTIFIED BY 'password';
    Query OK, 0 rows affected (0.85 sec)

    mysql> exit
    Bye
    % mysql -uroot -p phpwiki <schemas/schema.mysql
    Enter password: PrEtTySeKrEt
    %

The database and all tables have now been created, so the wiki user does
not need CREATE permission. It is therefore in the interest of security
that the user does not have it, to protect from vulnerabilities which may
be in PhpWiki.

Cheers,
Gary

[ ga...@in... ][ GnuPG 85A8F78B ][ http://inauspicious.org/ ]
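
The least-privilege point in the message above can be checked after setup by auditing what `SHOW GRANTS` reports for the wiki account. The script below is an added example, not part of the original mail or of PhpWiki; the function name `audit_grants` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag privileges beyond what the GRANT in the message gives.
# USAGE is MySQL's "no privileges" placeholder row, so it is allowed too.
ALLOWED="SELECT INSERT UPDATE DELETE USAGE"

# Reads SHOW GRANTS output on stdin. Prints "PRIVILEGE ON scope" for each
# privilege outside $ALLOWED and returns 1 if there were any, else 0.
# Column-level grants such as "SELECT (col)" are not handled.
audit_grants() {
    report=$(
        sed -n 's/^GRANT \(.*\) ON \([^ ]*\) TO .*$/\2|\1/p' |
        while IFS='|' read -r scope privs; do
            printf '%s\n' "$privs" | tr ',' '\n' |
            while read -r priv; do   # read trims the space after each comma
                case " $ALLOWED " in
                    (*" $priv "*) ;;
                    (*) printf '%s ON %s\n' "$priv" "$scope" ;;
                esac
            done
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: the account as granted in the session above.
sample_ok() { cat <<'EOF'
GRANT USAGE ON *.* TO 'wikiuser'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE ON `phpwiki`.* TO 'wikiuser'@'localhost'
EOF
}

# Constructed sample: the same account if CREATE and DROP had been added.
sample_wide() { cat <<'EOF'
GRANT USAGE ON *.* TO 'wikiuser'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON `phpwiki`.* TO 'wikiuser'@'localhost'
EOF
}

# Against a live server the input would come from:
#   mysql -uroot -p -e "SHOW GRANTS FOR wikiuser@localhost" | audit_grants
sample_wide | audit_grants || echo "wikiuser holds extra privileges" >&2
```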