Solved

who has access

Posted on 2014-12-06
2
138 Views
Last Modified: 2014-12-11
Just a thoughy here but is there a command i can run that tells me what usets have access to my database?

Its just a thought but wondered as i run on a shared host and i only have the adminstrators word that i am the only one who can access it, is it possible to run an sql commanf which will tell me that there is only one user allowed and its me?

From a security review i could include this in my apps startup and display a warning if security is compromised (eg someone else now has access to the database)
0
Comment
Question by:tonelm54
2 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40484518
MySQL has users and permissions; you can find the privileges and account management commands to display and change these values with a Google search, but that is not the central issue in a hosted environment.

Think of your MySQL users as your children; then can run around inside your house and if you want to keep them out of a room you use MySQL permissions: you lock the door.  But you're not really able to stop a team of marauding invaders with a battering ram, and these are the server administrators.  Server admins can literally steal you blind (Edward Snowden is a famous server admin).  Then can overwrite your data, or copy it, they can steal backups, etc.  You either trust them or you don't.

Probably the best advice anyone can get in response to a question about this sort of thing is "join OWASP" and learn about best practices for security.  The best practices are always evolving as the threats are evolving.

As a practical matter, nobody is going to get into your MySQL permissions and change them unless they discover your passwords.  If you keep those safe, you'll almost always be fine.
http://dev.mysql.com/doc/refman/5.0/en/security.html
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40485943
I agree with Ray, but the simplest answer to your question is to do this

SELECT * FROM mysql.user;

If you don't have permission to do that, then you can safely assume that at least some people have more access to your data than you do.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Creating and Managing Databases with phpMyAdmin in cPanel.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now