Using the word "Test" For Username/Databases

[iTec]

Interesting quirk I just found. On a server I am on, there is a reseller who setup a account called "test"

Now the interesting part. He created a database and that database (ie: test_sample) is now visible, editable, and even deletable by all users on that server.

It seems any and all usernames/databases with the word test at the beginning of the database name is visible to all on the server the database is created on.

This could be a security concern for any hosts/resellers who may use that name and have important data stored on the database.

Not sure if this is a quirk in phpMyAdmin or MySQL itself, but thought I'd pass this along.

 

[l0rdphi1]

Hello,

Take a look at your mysql.db table. The first 2 rows under the Db column should read "test" and "test\_%".

Those two lines are granting everyone access to the databases "test" and any databases beginning with "test_".

Delete these two rows at your own risk and they should fix your troubles with any user named "test".

Phi1.

 

[nobaloney]

Note for DA staff...

Is this a bug?

Is "test" somehow hardwired into DA as is demo?

Jeff

 

[thoroughfare]

Jeff, I have to applaud you. Every time a bug is mentioned, you push to have it sorted ASAP. It's exactly the way it should be - thank you.

Matt

 

[nobaloney]

Thanks, Matt <blush>.

But don't forget I'm only a forum user. I can't move a thread to a bug report.

I can't report a bug I haven't seen myself (well I could, but I won't).

And I don't have the time to check every reported bug.

I'd hope that whoever notices these bugs will bring them to DA's attention.

One thing I've noticed a lot on these forums is that a lot of posters seem reticent to notify DA of a problem. Perhaps because they have an owned rather than rented license and can't get unlimited support.

Nevertheless, I urge anyone who sees a real DA problem that's not addressed here on the forums quickly, to please notify DA.

Thanks.

Jeff

 

[thoroughfare]

I don't think notifying John of bugs is 'support' really... it's helping DA if anything

Report away people

Matt

 

[nobaloney]

I don't believe this forum is the official way to notify DirectAdmin.

So I'd say, yes, notify DirectAdmin.

But if you notify them through the forum you may experience significant delays.

Jeff

 

[thoroughfare]

I don't know, I think the forum works pretty well.

Matt

 

[nobaloney]

Have you noticed that this week there have been no DA replies through the forum?

You can come up with good excuses for not wanting to contact DA all you want, but the fact is the forum is not guaranteed to be the fastest way to reach them.

Jeff