1 |
Hi All, |
2 |
|
3 |
I am not sure if I am alarming myself unnecessarily, but this is what I |
4 |
observed: |
5 |
|
6 |
Login as e.g. mick; (this is a unix acccount) |
7 |
mysql -u root -p |
8 |
Enter password: XXXXXX |
9 |
|
10 |
mysql> GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE VIEW, INDEX, |
11 |
INSERT, SELECT, UPDATE ON database1.* TO 'db_user1'@'localhost' IDENTIFIED |
12 |
BY 'passwd1'; |
13 |
Query OK, 0 rows affected (0.00 sec) |
14 |
|
15 |
mysql> FLUSH PRIVILEGES; |
16 |
Query OK, 0 rows affected (0.00 sec) |
17 |
mysql>quit |
18 |
|
19 |
Now if I login into database1 as db_user1 and then press the up arrow key at |
20 |
the mysql> prompt I end up seeing all the previous commands that I ran as |
21 |
root, including the 'passwd1'!!! |
22 |
|
23 |
Isn't this a rather serious security problem? How could I do it differently? |
24 |
-- |
25 |
Regards, |
26 |
Mick |