Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

who has access

Posted on 2014-12-06
2
140 Views
Last Modified: 2014-12-11
Just a thoughy here but is there a command i can run that tells me what usets have access to my database?

Its just a thought but wondered as i run on a shared host and i only have the adminstrators word that i am the only one who can access it, is it possible to run an sql commanf which will tell me that there is only one user allowed and its me?

From a security review i could include this in my apps startup and display a warning if security is compromised (eg someone else now has access to the database)
0
Comment
Question by:tonelm54
2 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40484518
MySQL has users and permissions; you can find the privileges and account management commands to display and change these values with a Google search, but that is not the central issue in a hosted environment.

Think of your MySQL users as your children; then can run around inside your house and if you want to keep them out of a room you use MySQL permissions: you lock the door.  But you're not really able to stop a team of marauding invaders with a battering ram, and these are the server administrators.  Server admins can literally steal you blind (Edward Snowden is a famous server admin).  Then can overwrite your data, or copy it, they can steal backups, etc.  You either trust them or you don't.

Probably the best advice anyone can get in response to a question about this sort of thing is "join OWASP" and learn about best practices for security.  The best practices are always evolving as the threats are evolving.

As a practical matter, nobody is going to get into your MySQL permissions and change them unless they discover your passwords.  If you keep those safe, you'll almost always be fine.
http://dev.mysql.com/doc/refman/5.0/en/security.html
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40485943
I agree with Ray, but the simplest answer to your question is to do this

SELECT * FROM mysql.user;

If you don't have permission to do that, then you can safely assume that at least some people have more access to your data than you do.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question