The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible security expliot?

Discussion in 'Security' started by ndj1022, Apr 8, 2003.

  1. ndj1022

    ndj1022 Well-Known Member

    Joined:
    Mar 14, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Ok, when adding users via WHM, if a user doesn't has his own domain, then I use a subdomain, ex: mydemo.domain.com. It works, and adds the user for the domain, etc.


    Now, when going to the MySQL>phpmyadmin Area, when viewing Databases, that user is able to see ALL databases for other people who are useing a subdomain. They can't view the tables or anything. Just the Name of the database.



    I'm worried that if someone found out a persons password (since they can view the database name already) that they would be able to access the database file and alter with someones tables n' stuff.


    Is there anyway to fix this?
     
  2. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
  3. DigiCrime

    DigiCrime Well-Known Member

    Joined:
    Nov 27, 2002
    Messages:
    399
    Likes Received:
    0
    Trophy Points:
    16
    Seeing everyones Database is a known issue, and is listed how to fix this in WHM News.

     
  4. ndj1022

    ndj1022 Well-Known Member

    Joined:
    Mar 14, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Not running MySQL 4 :rolleyes:
     
  5. DigiCrime

    DigiCrime Well-Known Member

    Joined:
    Nov 27, 2002
    Messages:
    399
    Likes Received:
    0
    Trophy Points:
    16
    log into shell type mysqladmin version and make sure of your version. if its mysql 3, im not aware of a fix for it off hand
     
  6. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Add

    safe-show-database

    below

    [mysqld]

    in file /etc/my.cnf and restart mysqld.
    -Dario
     
Loading...

Share This Page