every user can access all databases, is this not very unsafe?

Alex123

New member
Joined
Jan 21, 2005
Messages
1
Location
Netherlands
Hi,

Just have some first customers using direct admin and all the users when using php myadmin can see (and change) all the database info from other users, it seems to me this is not very safe.
what must I do to protect a users database from other users ?

kind regards

Alex
 
You need to edit your PHPmyAdmin config file...

"nano /var/www/html/phpMyAdmin-*.*.*-pl*/config.inc.php"
remove from there root password.
 
I've got almost the same problem....

On mine, all the users can see all the databases but can only view/edit their own database. I checked out /var/www/html/phpMyAdmin-*.*.*-pl*/config.inc.php
and I don't have a password in any of the places were root is listed. (Apparently this might be why they can't edit them like the problem in Alex123's post.) However it's rather annoying having every database on the system listed in the pulldown box.

Anyone know how to fix this?
 
just tested on mine and I see only the database I made and test.

phpmyadmin-2.6.1

root is listed in the config file but password is blank, that also wont make a difference anyway since the root user is probably da_admin.
 
Chrysalis said:
just tested on mine and I see only the database I made and test.

Same here.
dachmo, I would suggest replacing the phpmyadmin configuration with the one provided by DirectAdmin and see if that does anything. I think it's located in /user/local/directadmin/data/templates/
 
Re: I've got almost the same problem....

dachmo said:
On mine, all the users can see all the databases but can only view/edit their own database. I checked out /var/www/html/phpMyAdmin-*.*.*-pl*/config.inc.php
and I don't have a password in any of the places were root is listed. (Apparently this might be why they can't edit them like the problem in Alex123's post.) However it's rather annoying having every database on the system listed in the pulldown box.

Anyone know how to fix this?

change the perimissions of each user.

i bet they have create temporary tables and lock tables you need to take those out and they will not longer be able to see all of the other users dbs
 
jmstacey said:
Same here.
dachmo, I would suggest replacing the phpmyadmin configuration with the one provided by DirectAdmin and see if that does anything. I think it's located in /user/local/directadmin/data/templates/

Did that and didn't change a thing in it, still shows all the databases.
 
Re: Re: I've got almost the same problem....

vandal said:
change the perimissions of each user.

i bet they have create temporary tables and lock tables you need to take those out and they will not longer be able to see all of the other users dbs

You were right, they did have Y permissions for the temporary tables and lock tables so I changed those to N and that fixed the problem. Thanks a ton! :)
 
Last edited:
Back
Top