Re: [Phpwiki-talk] Does the INSTALL.mysql file tell all?

[Steve W. <sw...@pa...>]

On Sun, 16 Sep 2001, Gary Benson wrote:

> % mysql -uroot -p
> Enter password: PrEtTySeKrEt
> Welcome to the MySQL monitor.  Blah blah blah
> mysql> GRANT select, insert, update, delete
>     -> ON phpwiki.*
>     -> TO wikiuser@localhost
>     -> IDENTIFIED BY 'password';
> Query OK, 0 rows affected (0.85 sec)
> mysql> exit
> Bye
> % mysql -uroot -p phpwiki <schemas/schema.mysql
> Enter password: PrEtTySeKrEt
> %
>
> The database and all tables have now been created, so the wiki user does
> not need CREATE permission. It is therefore in the interest of security
> that the user does not have it, to protect from vulnerabilities which may
> be in PhpWiki.
>

I am told something about having to flush the tables too, for the
permissions to take effect. Unfortunately I can't get at that comment
right now...

~swain


---
                  http://www.panix.com/~swain/
"Without music to decorate it, time is just a bunch of boring
production deadlines or dates by which bills must be paid."
                     -- Frank Zappa
http://pgp.document_type.org:11371/pks/lookup?op=get&search=0xF7323BAC