Solved

who has access

Posted on 2014-12-06
2
137 Views
Last Modified: 2014-12-11
Just a thoughy here but is there a command i can run that tells me what usets have access to my database?

Its just a thought but wondered as i run on a shared host and i only have the adminstrators word that i am the only one who can access it, is it possible to run an sql commanf which will tell me that there is only one user allowed and its me?

From a security review i could include this in my apps startup and display a warning if security is compromised (eg someone else now has access to the database)
0
Comment
Question by:tonelm54
2 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40484518
MySQL has users and permissions; you can find the privileges and account management commands to display and change these values with a Google search, but that is not the central issue in a hosted environment.

Think of your MySQL users as your children; then can run around inside your house and if you want to keep them out of a room you use MySQL permissions: you lock the door.  But you're not really able to stop a team of marauding invaders with a battering ram, and these are the server administrators.  Server admins can literally steal you blind (Edward Snowden is a famous server admin).  Then can overwrite your data, or copy it, they can steal backups, etc.  You either trust them or you don't.

Probably the best advice anyone can get in response to a question about this sort of thing is "join OWASP" and learn about best practices for security.  The best practices are always evolving as the threats are evolving.

As a practical matter, nobody is going to get into your MySQL permissions and change them unless they discover your passwords.  If you keep those safe, you'll almost always be fine.
http://dev.mysql.com/doc/refman/5.0/en/security.html
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40485943
I agree with Ray, but the simplest answer to your question is to do this

SELECT * FROM mysql.user;

If you don't have permission to do that, then you can safely assume that at least some people have more access to your data than you do.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

PL/SQL can be a very powerful tool for working directly with database tables. Being able to loop will allow you to perform more complex operations, but can be a little tricky to write correctly. This article will provide examples of basic loops alon…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now