Solved

who has access

Posted on 2014-12-06
2
144 Views
Last Modified: 2014-12-11
Just a thoughy here but is there a command i can run that tells me what usets have access to my database?

Its just a thought but wondered as i run on a shared host and i only have the adminstrators word that i am the only one who can access it, is it possible to run an sql commanf which will tell me that there is only one user allowed and its me?

From a security review i could include this in my apps startup and display a warning if security is compromised (eg someone else now has access to the database)
0
Comment
Question by:tonelm54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40484518
MySQL has users and permissions; you can find the privileges and account management commands to display and change these values with a Google search, but that is not the central issue in a hosted environment.

Think of your MySQL users as your children; then can run around inside your house and if you want to keep them out of a room you use MySQL permissions: you lock the door.  But you're not really able to stop a team of marauding invaders with a battering ram, and these are the server administrators.  Server admins can literally steal you blind (Edward Snowden is a famous server admin).  Then can overwrite your data, or copy it, they can steal backups, etc.  You either trust them or you don't.

Probably the best advice anyone can get in response to a question about this sort of thing is "join OWASP" and learn about best practices for security.  The best practices are always evolving as the threats are evolving.

As a practical matter, nobody is going to get into your MySQL permissions and change them unless they discover your passwords.  If you keep those safe, you'll almost always be fine.
http://dev.mysql.com/doc/refman/5.0/en/security.html
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40485943
I agree with Ray, but the simplest answer to your question is to do this

SELECT * FROM mysql.user;

If you don't have permission to do that, then you can safely assume that at least some people have more access to your data than you do.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question