[Phpmyadmin-devel] SHOW DATABASES on ISPs
cand. inf. Alexander M. Turek
me at derrabus.de
Wed Jan 23 13:27:13 CET 2008
Hi there,
Sebastian Mendel schrieb:
> SHOW DATABASES seems somehow slow on ISPs
>
> how about using I_S.SCHEMA_PRIVILEGES
What about information_schema.SCHEMATA? I guess, that's the purpose of
that view.
> possible a configuration where ISP can use I_S.SCHEMA_PRIVILEGES instead of
> SHOW DATABASES,
Switching from SHOW queries to information_schema is a good idea, imho.
Since the next version of phpMyAdmin won't support MySQL 4.x anymore, I
don't see, why a config parameter is needed for that switch.
> or they can switch to SHOW DATABASES like '[user]_%' which
> performs much faster too
This is a little dangerous because it enables the ISPs to hide databases
from the user. Your query would hide all other databases from the user,
especially information_schema and the test databases that are enabled by
default. And of course the database [user] that you may create in
server_privileges. ;-)
We've had a similar discussion when MySQL 4.1 became stable and MySQL's
privilege upgrade script was a little buggy, so all users could see the
whole database listing, even if they weren't allowed to access most of
the listed databases. Though, I don't know if the guys have fixed that, yet.
The problem is, that you create the illusion of a security that is not
there (users don't see certain databases, although they may access them
via manual queries). So far, we have tried to avoid such situations.
Regards,
Alexander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20080123/b8e3e500/attachment.sig>
More information about the Developers
mailing list