Menu
▾
▴
Re: [Phpwiki-talk] Does the INSTALL.mysql file tell all?
|
From: Jeb B. <je...@oc...> - 2001-09-17 07:00:56
|
On Sun, Sep 16, 2001 at 07:24:20PM -0400, Steve Wainstead wrote: > On Sun, 16 Sep 2001, Gary Benson wrote: > > > % mysql -uroot -p > > Enter password: PrEtTySeKrEt > > Welcome to the MySQL monitor. Blah blah blah > > mysql> GRANT select, insert, update, delete > > -> ON phpwiki.* > > -> TO wikiuser@localhost > > -> IDENTIFIED BY 'password'; > > Query OK, 0 rows affected (0.85 sec) > > mysql> exit > > Bye > > % mysql -uroot -p phpwiki <schemas/schema.mysql > > Enter password: PrEtTySeKrEt > > % > > > > The database and all tables have now been created, so the wiki user does > > not need CREATE permission. It is therefore in the interest of security > > that the user does not have it, to protect from vulnerabilities which may > > be in PhpWiki. > > > > I am told something about having to flush the tables too, for the > permissions to take effect. Unfortunately I can't get at that comment > right now... I just happened to read the manual on this. You don't need to flush the tables when using the GRANT command, since that takes care of it for you. You would need to if you inserted the row in the mysql.users directly, but that is only necessary in older versions of MySQL before GRANT was working. (I wouldn't bother documenting all that in PhpWiki though, since it's already covered elsewhere, and people running older versions of MySQL should probably know how to create a user anyway...) Peace, -jeb |
