[linux] OT: phpMyAdmin - security of mysql database in MySQL

[Ondrej Jombik]

					Maxim, 16:02:45
					16. jun 2001 (sobota)
Zdraviim...

	V phpMyAdmin dokumentacii sa pise presne toto:

All you have to provide in config.inc is a standard user which can connect
to MySQL and read the mysql user/db table (see $cfgServers[n]['stduser']).

	No a v dokumentacii k MySQL, v casti kde sa vysvetluje Access
control, sa zase pise:

Note that from MySQL's point of view the encrypted password is the REAL
password, so you should not give anyone access to it! In particular, don't
give normal users read access to the tables in the mysql database!

	Znamena asi tolko, ze mam pre phpMyAdmin-a vytvorit nejakeho
uzivatal, co bude mat pravo citat z tabulky user databazy mysql. Jeho
username a heslo, bude treba zapisat do konfiguracneho suboru
/home/httpd/html/phpMyAdmin/config.inc.php.

	Tomu suboru vsak musim mu nechat prava na citanie, aby sa k nemu
Apache mohol dostat, cize sa k nemu moze dostat aj obycajny uzivatel, a teda
si moze vytiahnut heslo na ciatnie mysql databazy a to je v _rozpore_ s
MySQL manualom.

	Napriek tomu, ze som spravil vsetko podla dokumentacie, je to nejake
desynchronizovane. Nikto z vas s tym nemal problemy?

	=Nepto=
____________________________________________________________________________
Ondrej 'Nepto' Jombik, Visit Atlantis talker now!         http://atlantis.sk