12 Feb
2003
12 Feb
'03
10:20 a.m.
Hi Marc, Garvin & list,
-----Original Message-----
From: Marc Delisle
In main.php3, $dbh is used to look into the mysql.* tables.
But if not controluser is defined, $dbh will contain
$userlink, and, for PMA_MYSQL_INT_VERSION >= 32304 we then
use a SHOW GRANTS to get the information. So with no
controluser, my non-privileged user sees all his databases in
the left pane, and he sees the Create database dialog because
he has a wildcard db CREATE priv.
So maybe we should rephrase in the doc, to talk about the
MySQL version where the controluser really needs privs on the
mysql db.
I am glad to see that you have so much trust in my SHOW GRANTS patch,
but it has its limitations:
The problem is that, in order to use SHOW GRANTS, we have to guess the
user's hostname as it appears in the user profile.
For example, you create a user 'foo'(a)'192.168.0.%' and logon as
'foo'(a)'192.168.0.123'2.168.0.123'.
In this case, phpMyAdmin sends these queries:
SHOW GRANTS FOR 'foo'(a)'192.168.0.123'2.168.0.123';
SHOW GRANTS FOR 'foo'@'%';
Both queries fail and MySQL would say that the user does not exist.
The SHOW GRANTS patch only works for users like 'user'@'host' or
'user'@'%' which are the most common ways to define users.
Regards,
Alexander M. Turek
<alex(a)bugfixes.info>
+-----------------------------+
| The phpMyAdmin Project |
| http://www.phpmyadmin.net |
| rabus(a)users.sourceforge.net |
+-----------------------------+
| [bugfixes.info] |
| http://www.bugfixes.info |
| rabus(a)bugfixes.info |
+-----------------------------+