search

compbio-UofT / medsavant

MedSavant is a search engine for genetic variants
22 stars 9 forks source link

Medsavant admins can access all databases #221

Open jfoong opened 10 years ago

jfoong commented 10 years ago

I am able to restrict access with the following commands:

REVOKE ALL PRIVILEGES ON * . * FROM 'user'@'localhost'; REVOKE GRANT OPTION ON * . * FROM 'user'@'localhost'; DELETE FROM db WHERE user = ""; UPDATE mysql.user SET Create_userpriv = 'Y' WHERE user = 'user'; GRANT FILE ON ._ to 'user'@"localhost"; FLUSH PRIVILEGES;

Why do the "" users get added to the mysql.db table?

mfiume commented 10 years ago

The "" users thing is new. We need to investigate.

On Thu, Nov 21, 2013 at 2:36 PM, jfoong notifications@github.com wrote:

I am able to restrict access with the following commands:

REVOKE ALL PRIVILEGES ON * . * FROM 'user'@'localhost'; REVOKE GRANT OPTION ON * . * FROM 'user'@'localhost'; DELETE FROM db WHERE user = ""; UPDATE mysql.user SET Create_userpriv = 'Y' WHERE user = 'user'; GRANT FILE ON ._ to 'user'@"localhost"; FLUSH PRIVILEGES;

Why do the "" users get added to the mysql.db table?

— Reply to this email directly or view it on GitHubhttps://github.com/compbio-UofT/medsavant/issues/221 .