Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th January 2008, 11:08
grafzahl grafzahl is offline
Junior Member
 
Join Date: Jan 2008
Posts: 10
Thanks: 0
Thanked 2 Times in 2 Posts
Default ISPC User can create new databases in phpmyadmin

Hello,

i think this is a big problem.

If i login in phpmyadmin 2.11.4 as User web10_u1 and go to databases i get a default web10?u1. If i click an "create" the db was really created and can filled with tables and data.

I have test to change the "_" in username with other special chars. This create another databases.

Is this a bug ???

Greets from Germany
Grafzahl
Reply With Quote
Sponsored Links
  #2  
Old 19th January 2008, 22:25
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,259
Thanks: 215
Thanked 648 Times in 294 Posts
Default

I can confirm that for example mysqluser web1_u1 can create another database like web1?db1 for example.

The questionmark can be changed in another character and another database can be created indeed. This should not be possible!

I did some tests and this unlikely behaviour was also the case with previous phpmyadmin versions. So i think it has something to do with ISPConfig 2.2.19.
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
  #3  
Old 19th January 2008, 22:50
grafzahl grafzahl is offline
Junior Member
 
Join Date: Jan 2008
Posts: 10
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Okay, i have check this from first point.
MySQL is the problem. Not ISPConfig or phpmyadmin.

On Console i log in MySQL with "mysql -u web1_u1 -p". After succesful login i type "show databases;" an i see web1_db1. Now i enter "create database `web1=db1`;" like phpmyadmin do it and give another "show databases;".

I was shocked. I can see the created database.

I think the only way to solve the problem is to remove the "_" from username. This char can replaces with any other special char.

Greets from Germany
Grafzahl
Reply With Quote
  #4  
Old 20th January 2008, 10:16
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,259
Thanks: 215
Thanked 648 Times in 294 Posts
Default

Well, i have to say that i can produce exactly the same as you told us here. It has something to do with MySQL indeed. In my case MySQL 5.0.32. It would be nice if the ? character within the databasename in phpmyadmin would be displayed as _ character and that this can not be changed by the mysqluser of the web.
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
  #5  
Old 20th January 2008, 14:28
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,406
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

This is a old mysql bug. If I remember correctly, mysql promised to fix this in MySQL 4.1.x but it seems that tehy still did not fix it. I added this to the ISPConfig bugtracker to remove underscores from mysql usernames.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 31st January 2008, 00:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
 
Default

I've just removed the underscores from database names and users in ISPConfig. This will be available with the next release. The changes don't affect existing databases and users.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
Hans (31st January 2008)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Anything I can do against illegal login-requests? schmidtedv Installation/Configuration 17 7th November 2008 09:25
log files cruz Technical 3 15th May 2007 14:35
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36
Can't add databases using phpMyAdmin tristanlee85 General 1 19th May 2006 08:45


All times are GMT +2. The time now is 11:00.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.