[Phpmyadmin-devel] CREATE TEMPORARY TABLE global priv
Robin H. Johnson
robbat2 at orbis-terrarum.net
Thu Mar 20 10:41:02 CET 2003
On Thu, Mar 20, 2003 at 12:49:00PM -0500, Marc Delisle wrote:
> I just upgraded to MySQL 4.0.12. Someone please explain why
> a user with CREATE TEMPORARY TABLE
> is seen by phpMyAdmin as a superuser
> ($is_superuser is TRUE, this is because USE MYSQL works!)
having global CREATE TEMP TABLE, you can use that on ANY db, hence mysql
treats you as a superuser.
This is actually a glitch in upgrading from 3.23 to 4.0, because of how
the new permission system works. just select all your non super users
and do:
REVOKE CREATE TEMPORARY TABLE, FILE ON *.* FROM <user>
Global privelges are bad, unless you trust the user.
--
Robin Hugh Johnson
E-Mail : robbat2 at orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20030320/d9fba212/attachment.sig>
More information about the Developers
mailing list