The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MERGED: phpMyAdmin is allowing users to create new db's.

Discussion in 'Database Discussions' started by mr.wonderful, Oct 18, 2004.

  1. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    phpMyAdmin 2.6.0-pl2 is allowing users to create new db's from phpmyadmin, WHY?

    Phpmayadmin is allowing our user to create new databases right from phpmyadmin. Why?

    This is wrong! Please fix this

    WHM 9.9.3 cPanel 9.9.3-E15
    RedHat 7.2 i686 - WHM X v3.1.0
     
  2. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    Did you report this on bugzilla.cpanel.net? The forums aren't the best place for this sort of thing, since they're not actively scanned for bug reports.
     
  3. __DoPe_ShOw__

    __DoPe_ShOw__ Well-Known Member

    Joined:
    Mar 8, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Louisiana
    Atleast your clients can create db's. My server says in phpMyAdmin

    Create new database:
    No Privileges


    Whuts up with this?
     
  4. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    That's what it should say. All MySQL db's should be created in CPANEL directly first, THEN you can work with them.

    Allowing users to create db's in phpMyAdmin would allow them to bypass the restrictions set on them and also to create a database with any name at all.

    Of course if you log in as root you can create db's in phpMyAdmin, but plain users, logged in with their username and password should not be able to do so.
     
  5. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    You should not be able to create dbs from phpmyadmin.
     
  6. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    What for? They pick and choose the bugs they want to fix based on what they think is most important. To me, this is very important. Log into your cp and load phpmyadmin. Click on create and a db will be created bypassing the restrictings set.
     
  7. cPanelBilly

    cPanelBilly Guest

    Just tried to verify and cannot:
    Create new database:
    No Privileges
     
  8. we_are_borg

    we_are_borg Member

    Joined:
    Mar 16, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    I'm getting the same thing.
     
  9. MarlboroMan

    MarlboroMan Well-Known Member

    Joined:
    Dec 7, 2001
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    Probably what is happening is that a user is given rights to edit a database through cPanel - if a user has the right to a database, he can create it, even if it doesn't exist.

    So if a new DB was setup in cPanel, and a user assigned, and then the DB was dropped, he could still re-create the database.

    It's how MySQL permissions work.
     
  10. bullethost696

    bullethost696 Well-Known Member

    Joined:
    Nov 23, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    You are using an Edge release, try downgrading to the RELEASE version and it should correct the problem
     
  11. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    18
    What Brandon said sounds correct...EDGE vs. RELEASE Right now won't matter...no changes to phpmyadmin or anything in that area
     
  12. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    I need a resolution to this problem. Our users can create DBS via phpmyadmin. When is this going to be fixed?
     
  13. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    ** BUMP **

    When is there going to be a resolution to this issue? And i need to know why and how to fix it!
     
  14. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    If you haven't put in a bug report in bugzilla, I doubt that anybody is working on it at all.
     
  15. we_are_borg

    we_are_borg Member

    Joined:
    Mar 16, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    I thought the same thing a couple of hours ago so i reported it.

    http://bugzilla.cpanel.net/show_bug.cgi?id=1616

    I only hope that i reported it corectly and with enough information.
     
  16. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    THIS IS INSANE! This issue should have been fixed immediately! People should not have to post this issue in bugzilla. It should have been attended to immediately. Im pretty pissed off about this and dont think i should have to wait while hundreds of people have the ability to create databases that im going to have to clean up.

    THis issue started happening with the latest version of phpmyadmin!
     
  17. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    What sort of servers are you running? I have access to hundreds of servers and clients on those servers using the latest phpMyAdmin can't make databases through phpMyAdmin. In fact, I've received a few complaints since people don't understand why they can't do so.
     
  18. we_are_borg

    we_are_borg Member

    Joined:
    Mar 16, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    This is a issue from WHM 9.9.3 cPanel 9.9.3-E15 to the E117. I think it's only happening on Redhat OS. It's in bugzilla and it's not even confirmed yet.
     
  19. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    Redhat 7.2 and 7.3. If it is an Edge issue, im at E102 then why hasnt it been fixed after being reported numerous times. Reported via Ticket and all they did was tell me that something on my server is doing it, a custom script of somekind but that is not the case since all my boxes are experiencing this issue. Its been confirmed that there are at least 2 if not more users who are having this issue besides me. Then i opened another ticket and it was closed. :mad: Dont tell me its a custom script! We dont run custom scripts that affect MySQL or phpmyadmin and the permissions have not been altered on any MySQL table. I now have users who have created db's from phpmyadmin when they dont have the resources to create them from the control panel. :mad: :mad: :mad: An im seeing databases that are not prefixed by a user eg user_dbname. All dbs should have a user_ prefix with the exception of mysql, eximstats and a few others that are system dbs.
     
    #19 mr.wonderful, Nov 19, 2004
    Last edited: Nov 19, 2004
  20. sarcym

    sarcym Registered

    Joined:
    Nov 6, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Have you checked the privilege table and checked if they are correct?

    MySQL is simply a service, third party software bundled with cPanel, you can administer it via command line, phpmyadmin, remote mysql administration software such as MySQL administrator from Mysql.com - You don't need cPanel to do it for you and you have full control over what your users can do/access and can't do/access.

    Have a look at the privileges set for your users and adjust if they need to be.
     
Loading...

Share This Page