Issues/Bugs

jmstacey

jmstacey

Verified User
Joined
Feb 12, 2004
Messages
3,888
Location
Colorado
First off, the root mysql account login is not removed when you delete a users account.

And a second issue I may have discovered.
I think it may be possible for users to create more databases through phpmyadmin even over their limit as long as the dbname suffix of
username?dbname
is already a database. No new login will be created but I think users would be able to access them through their root mysql
account. This is a problem because then users would be able to have more mysql databases than their accounts permitted.
 
Hello,

Thanks for the find. I've added the removal of the system user when the DA account is removed. As for the database creation behind DA.. I'm not able to duplicate what you're saying. Perhaps an example would help me nail down the issue if there is one. When I tried to create another database, I kept getting:
ERROR 1044: Access denied for user: 'dbuser@localhost' to database 'dbuser_asdf'

John
 
It may just be for the admin user I haven't tried it as another user, but heres what I do.
I login to phpmyadmin with my admin username and password.
Once loaded there is the section to "Create new database" and in the box should be something like admin?database

database usually the name of the last database you created. If I click the create button it creates the database! Even though my account doesn't allow anymore, trying to add databases through DA fails because it says I've used all my slots up.
You can't name it anything you want but if you use the admin? prefix to a database name that already exists it will create the database.

Then through my main admin account which has access to all databases I have access to this new one and can add information etc. I can't delete it but I can still create it and use it which is bad.

I'm using phpmyadmin 2.5.7-pl1 but I can reproduce this error on any version so its not phpmyadmin bug for the version I'm running.

A little off topic, but when I delete a user his directory in /home is not removed. Everything except the imap directory is removed though. Shouldn't the users entire directory be removed?
 
Last edited:
It looks like a problem in the main user MySQL premissions
altho it shows access only to his db's I can see that I have the option to add more dbs

the limit is set within DA and not within MySQL therefore it is possible

I think it either a BUG in MySQL or in phpMyAdmin

David
 
You must log in or register to reply here.
Back
Top