LinkBack URL
About LinkBacksCpanel build: 10.8.1-CURRENT 3
When any user logs in to phpmyadmin the database dropdown list shows all users databases. You can only access your own, but I would hope there is a way to hide the other user's databases.
phpmyadmin shows all user's databases
Cpanel build: 10.8.1-CURRENT 3
When any user logs in to phpmyadmin the database dropdown list shows all users databases. You can only access your own, but I would hope there is a way to hide the other user's databases.
mysql configuration
edit /etc/my.cnf(my.cnf location differs according to your installation)
Add this to the bottom of the file if it is not there already.
safe-show-database
and restart mysql
I got a report from a client the other day about this also but when I logged in I could not see it and they could not reproduce it either but they did send me a screenshot which did include all databases listed.
I searched here and saw the same suggestions of adding that line to my.cnf but I already had this in there.
There is an issue obviously but it seems hard to reproduce and is totally random.
The good news is however the client said they did try to access the databases and were unable to but still I see even being able to list all the databases as a fairly serious security issue.
safe-show-database is already in there, and it still shows them all. It looks like it is more of a phpmyadmin issues, as it didn't happen until the new version of phpmyadmin was installed by cpanel.
Adding "safe-show-database" to mysql config file don't solve the problem becuase "safe-show-database" depreciated in mysql 4.1
Thanks
My Signature ?? Thinking...
Enter mysql as root, then:
UPDATE mysql.user SET Lock_tables_priv = 'N', Create_tmp_table_priv = 'N' WHERE
User != 'root'; FLUSH PRIVILEGES;
Show database privilege has to be set correctly for all user accounts
The SHOW DATABASES privilege allows the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database option
/scripts/cleanupmysqlprivs
Fixed for me the problem.
There you go. Thanks, that script worked. Is there a comprehensive list of scripts and descriptions somewhere? (other than ls /scripts :-) )
FFS, same problem again after updating!!!
TEST YOUR STUFF BEFORE RELEASING IT DAMNED!
I experienced this same thing this morning but luckily noticed it within minutes of updating the first server. Kinda freaky when you go to add show-databases line to the config and it's there already. Perhaps this should be made a sticky? Somewhat large issue for us shared hosts...
the most idiotic thing is that i have to do this every day now (cleanupmysqlprivs)
Bump
Seems to be a regular re-occurring problem
Please don't bump threads. If you're having a problem and have tried all the recommendations in the forum for this issue (and there are a few), then you should pursue the issue through bugzilla or a ticket with your cPanel license provider.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
