[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

who has access

Posted on 2014-12-06
2
Medium Priority
?
149 Views
Last Modified: 2014-12-11
Just a thoughy here but is there a command i can run that tells me what usets have access to my database?

Its just a thought but wondered as i run on a shared host and i only have the adminstrators word that i am the only one who can access it, is it possible to run an sql commanf which will tell me that there is only one user allowed and its me?

From a security review i could include this in my apps startup and display a warning if security is compromised (eg someone else now has access to the database)
0
Comment
Question by:tonelm54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 40484518
MySQL has users and permissions; you can find the privileges and account management commands to display and change these values with a Google search, but that is not the central issue in a hosted environment.

Think of your MySQL users as your children; then can run around inside your house and if you want to keep them out of a room you use MySQL permissions: you lock the door.  But you're not really able to stop a team of marauding invaders with a battering ram, and these are the server administrators.  Server admins can literally steal you blind (Edward Snowden is a famous server admin).  Then can overwrite your data, or copy it, they can steal backups, etc.  You either trust them or you don't.

Probably the best advice anyone can get in response to a question about this sort of thing is "join OWASP" and learn about best practices for security.  The best practices are always evolving as the threats are evolving.

As a practical matter, nobody is going to get into your MySQL permissions and change them unless they discover your passwords.  If you keep those safe, you'll almost always be fine.
http://dev.mysql.com/doc/refman/5.0/en/security.html
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40485943
I agree with Ray, but the simplest answer to your question is to do this

SELECT * FROM mysql.user;

If you don't have permission to do that, then you can safely assume that at least some people have more access to your data than you do.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question