PHPAdmin user can see all databases

sittyweb.nl

Verified User
Joined
Apr 26, 2004
Messages
6
Location
Netherlands
Hello,

I noticed that when I log in in PHPMyAdmin as a user of a database, I can see all of the databases on that server and change them also.

I am not logged in as a administrator, but as a domain-user.

How can I preved this?

Thanks for your help
 
Sounds like this user may not have been created via DA. DA creates users with permissions only to the database that is associated with it. Log into phpmyadmin and click on the "Permissions", you should see all the users with the permissions "USAGE", except da_admin. The da_admin user should have "ALL PRIVILEGES". If that is not the case, then perhaps you have something else wrong there.

If you created the user yourself through phpmyadmin, then you want to modify the privileges so that all "GLOBAL PRIVILEGES" are unchecked, and you select the database they are allowed to use in the "Database-specific privileges" section. Then click the SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER options and submit. That is what DA basically does.
 
Hi,

I did create the database and user using direct-admin. I logged in as the user, then create it.

When I look at the permissoins for the database user in direct-admin, everyting except GRANT is YES.

Any other clue?
 
When you say you created the user and database through DirectAdmin do you mean from the "User" panel of DirectAdmin or through phpMyAdmin, you started from a DirectAdmin panel? There is a difference, if you are seeing permissions then you are no longer in DirectAdmin you are in phpMyAdmin and anything you do there will not be known from a DirectAdmin point of view. phpMyAdmin is a tool that is written and maintained outside of DirectAdmin.

If it was created from the MySQL panel in DirectAdmin, then you most certainly have a problem. I would for now change the permissions to the way I said before, and only to the database that is associated with that username. Uncheck all the GLOBAL permissions, those are the reasons that user can see all the other databases.
 
I never saw that part before, I always just used phpMyAdmin to modify permissions. The only thing that I can see, is that this panel will only display the user permissions for that database, not GLOBAL permissions. I would go into phpMyAdmin and login with the da_admin username and remove GLOBAL permissions on all usernames except the da_admin user.
 
No Problem,

BUT, users can create there own databases. I think there is a configuration in DA where I can default set the permissions for new users. I HOPE...
 
Yes users can create their own databases and usernames in DA and it should set the permissions correctly. At least they have always been correct for me. I have not seen it create any user that can see any other database.
 
Back
Top