Knowledgebase
preventing users from connecting to other users database
| Posted by beautiful mind, 03-25-2009, 05:45 PM | | hi experts,
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
any help please.
Thanks
|
| Posted by bear, 03-25-2009, 06:30 PM | | Why would they have the username and password to other dbs?
|
| Posted by squirrelhost, 03-25-2009, 06:45 PM | | The username/password only allows mysql access.
The privileges define which database(s) can be accessed,
so the problem must be there
|
| Posted by beautiful mind, 03-25-2009, 06:52 PM | | they have shell files like c99 shell
so they can read files outside their directory.
that way they have the username and password
|
| Posted by michaelpoulsen, 03-25-2009, 06:53 PM | | As far as I know, the shell requires opening a port. Should be solved with a firewall with only the necessary open ports.
Last edited by michaelpoulsen; 03-25-2009 at 07:00 PM.
|
| Posted by beautiful mind, 03-25-2009, 06:54 PM | | I know there must be some kind of solution.
|
| Posted by beautiful mind, 03-25-2009, 06:57 PM | | blocking the port 3306 won't make any difference because they are accessing the databases from inside the server.
|
| Posted by Victor Lugo, 03-25-2009, 09:50 PM | | There's no way to do that.
If you cannot protect your server from c99's/r57's, you shouldn't be in the hosting industry.
|
|
 Add to Favourites
 Print this Article
|
Also Read
