#168 Don't list databases the user doesn't have access to

closed-rejected
Privileges (8)
1
2003-08-29
2003-08-27
No

After I upgraded to MySQL 4 the select list containing
the databases now contains all databases on the
MySQL server, not only the databases the current user
has access to, which was the case with MySQL 3.

Seems like mysql_select_db() returns true as long as
the database exists, not only if the user has privileges
to access it according to the "mysql.db" table.

So, I added a new function, PMA_verify_access() to
common.lib.php and used that function instead of
PMA_mysql_select_db in PMA_availableDatabases().

Don't know if listing all databases is expected
behaviour or not, I just found it annoying since I have
a good number of databases available, but only have
access to one of them when I'm logged in as anything
other than root ;)

Discussion

  • Trond Arve Nordheim

    only_own_databases.patch

     
  • Michal Čihař

    Michal Čihař - 2003-08-28

    Logged In: YES
    user_id=192186

    Showing all databases is IMHO correct as you can create
    a temporary table anywhere - the real solution is to modify MySQL
    privileges (e.g. REVOKE CREATE TEMPORARY TABLES ON *.* FROM
    user). And this patch would greatly increase load for users
    with many databases and tables.

     
  • Alexander M. Turek

    • priority: 5 --> 1
    • assigned_to: nobody --> rabus
    • status: open --> open-rejected
     
  • Alexander M. Turek

    Logged In: YES
    user_id=418833

    It is up to the MySQL administrator to set up the users'
    privileges so they can only see those databases they are
    supposed to.

    This is why I'd like to reject your patch.

     
  • Marc Delisle

    Marc Delisle - 2003-08-29

    Logged In: YES
    user_id=210714

    I agree with Michal and Alexander, as phpMyAdmin should show
    what MySQL intends to show.

     
  • Trond Arve Nordheim

    Logged In: YES
    user_id=219989

    I agree too, heh, I just couldn't figure out why mysql allowed
    me to see all databases, so.. If "REVOKE CREATE TEMPORARY
    TABLES ON *.* FROM user" does the trick, I don't see any
    point either ;)

     
  • Michal Čihař

    Michal Čihař - 2003-08-29
    • status: open-rejected --> closed-rejected
     
  • Marc Delisle

    Marc Delisle - 2003-08-29

    Logged In: YES
    user_id=210714

    See FAQ 6.20. The upgrade process gave them this privilege.
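
The privilege fix the thread settles on, written out as an added example for a MySQL administrator; it is not part of the original discussion or of phpMyAdmin. It goes slightly beyond the thread by also checking LOCK TABLES and SHOW DATABASES, two other global privileges that expose every database name, and `'appuser'@'localhost'` and `appdb` are placeholder names.

```sql
-- Audit: accounts holding a global (*.*) privilege that makes every
-- database name visible. The columns are those of the mysql.user grant
-- table in MySQL 4.0.2 and later. Administrative accounts such as root
-- are expected to appear; ordinary application users are the findings.
SELECT User, Host,
       Create_tmp_table_priv,
       Lock_tables_priv,
       Show_db_priv
FROM mysql.user
WHERE Create_tmp_table_priv = 'Y'
   OR Lock_tables_priv      = 'Y'
   OR Show_db_priv          = 'Y'
ORDER BY User, Host;

-- Inspect one flagged account before changing it (placeholder account).
SHOW GRANTS FOR 'appuser'@'localhost';

-- Remove the global privileges; this does not touch per-database grants.
REVOKE CREATE TEMPORARY TABLES, LOCK TABLES, SHOW DATABASES
    ON *.* FROM 'appuser'@'localhost';

-- If the application does need temporary tables or table locks, grant
-- them back on its own database only (placeholder database name).
GRANT CREATE TEMPORARY TABLES, LOCK TABLES
    ON appdb.* TO 'appuser'@'localhost';

-- Verify: the grant list should now show only USAGE on *.* plus the
-- per-database grants, and SHOW DATABASES run as that user should list
-- only the databases it holds privileges on.
SHOW GRANTS FOR 'appuser'@'localhost';
```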