pfmartin

Well-Known Member
Aug 18, 2001
167
0
316
Earth
I deleted the test databases. That\'s fine. The problem is that anyone can create a test database now. This may have been a problem before, but now the problem is that when they look at the phpMyAdmin window, it actually pre-enters \"test\\_\" into the create database text box. It kind of encourages people to try it. So far, lots of people are trying and basically getting a new database without paying...

Can the create database field/form be removed completely? Or is there some way to set the perms so that \"test_\" database cannot be created?

I check mysql.com but cannot find anything.
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
I agree .. all day long people have been asking about that and click happy customers are doing all kinds of crap I can\'t keep track of.
 
B

bdraco

Guest
[quote:0a24d11bdf]I deleted the test databases. That\'s fine. The problem is that anyone can create a test database now. This may have been a problem before, but now the problem is that when they look at the phpMyAdmin window, it actually pre-enters \"test\\_\" into the create database text box. It kind of encourages people to try it. So far, lots of people are trying and basically getting a new database without paying...

Can the create database field/form be removed completely? Or is there some way to set the perms so that \"test_\" database cannot be created?

I check mysql.com but cannot find anything. [/quote:0a24d11bdf]

See the above post for the command
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
any clue why the phpinfo page in there reads:

Linux delusions.cpanel.net 2.2.17-21mdksecure #1 SMP Thu Oct 5 12:52:38 CEST 2000 i686 unknown

clearly not my server.
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
[quote:3a90c90b3c] any clue why the phpinfo page in there reads:

Linux delusions.cpanel.net 2.2.17-21mdksecure #1 SMP Thu Oct 5 12:52:38 CEST 2000 i686 unknown

clearly not my server.[/quote:3a90c90b3c]See the discussion above about this.
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
I know ..I was still looking for the answer to how to fix it.
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
[quote:b2a41d1177]Users can create a database called test_ whatever. If one user creates it, then all users can see it. Is there some way to completely disable the test... database creation? Users should only be able to create the number of databases that corresponds to them based on their package.
[/quote:b2a41d1177][quote:b2a41d1177] I deleted the test databases. That\'s fine. The problem is that anyone can create a test database now. This may have been a problem before, but now the problem is that when they look at the phpMyAdmin window, it actually pre-enters \"test\\_\" into the create database text box. It kind of encourages people to try it. So far, lots of people are trying and basically getting a new database without paying... [/quote:b2a41d1177]What\'s even more fun, any user can now create as many test_* databases as they like. :D
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
[quote:19e21f0518]The default mysql install creates a test database that allows anyone to
run tests. At lots of apps use this to find out if mysql is working,
however it is a bit of a security problem .. You can delete this by

# mysql mysql
mysql> delete from db where Db REGEXP \'^test\';
[/quote:19e21f0518]I\'ve just done this and it seems to ensure that any ^test_* databases created don\'t show up in the list on the left frame of phpmyadmin.

However, users are still able to create test_* databases and tables.
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
[quote:f830974dd1]However, users are still able to create test_* databases and tables.
[/quote:f830974dd1]Correction: The test\\_... box has disappeared after refreshing phpmyadmin! It\'s gone. No more \"create database\" blues. :cool:

Something else has disappeared: The + and - signs in front of the database names. So all the tables related to a database are showing up permanently on the menu. Is anyone able to confirm this?