About vanderzar

  1. Yes. But let's suppose the admin account has all the permissions. This account can manage all the databases. Now if I create an end-user with the following order:

     ```sql
     USE shop;
     CREATE USER "Arrow" IDENTIFIED BY "1234";
     GRANT SELECT, INSERT, UPDATE, DELETE, INDEX, ALTER, CREATE, DROP ON shop.* TO "Arrow" IDENTIFIED BY "1234";
     ```

     Then the username and password of the end-user Arrow are anyway stored in the mysql.user table.
  2. In case I create a user table "shop.users", there will still be the problem that any user will have access to this table and will be able to get the hashed password. Or am I mistaken? What purpose would the shop.users table have, because the actual login happens anyway through the mysql.users table?
  3. Hi everyone

     I created a database called shop. I also created the user "wildcard1" with the password "1234" for this shop database. User "wildcard1" has the following privileges on the "shop" database: "GRANT SELECT, INSERT, UPDATE, DELETE, INDEX, ALTER, CREATE, DROP"

     Now I want to execute the login code which you see below. And there I have a problem. The problem is that the query (see row: 22 in the code below) is not executed. Would the solution be to give the user "wildcard1" the "SELECT" privilege on the "mysql.user" table? But if so, if this would be the solution, would giving the "SELECT" privilege on mysql.user to random users not be a serious security issue?

     ```php
     <!DOCTYPE HTML>
     <html>
     <head>
     <title>Sign-In</title>
     <link rel="stylesheet" type="text/css" href="./css/style.css">
     </head>

     <body id="body-color">

     <?php

     function db_connect() {
         $result = new mysqli("localhost", "wildcard1", "1234", "shop");
         //echo $result->num_rows();

         if ($result->connect_errno) { // new mysqli() always returns an object, so test connect_errno
             echo "failed <br>";
             throw new Exception('Could not connect to database server');
         } else {
             echo "done <br>";
             echo 'Die aktuelle PHP Version ist ' . phpversion() . "<br>";
             $rows = $result->query("SELECT * FROM mysql.user WHERE User = 'wildcard1' AND Password = password('1234')");
             echo "Object type is: ";
             if ($rows) { echo "true <br>"; } else { echo "false <br>"; }
             // query() returns false on failure, so guard the property access
             printf("Query String: %d rows.\n <br>", $rows ? $rows->num_rows : 0);
             echo $result->host_info . "<br> \n";
             if ($result->connect_errno) {
                 printf("Connect failed: %s\n", $result->connect_error);
                 exit();
             }
             /* check if server is alive */
             if ($result->ping()) {
                 printf("Our connection is ok!\n");
             } else {
                 printf("Error: %s\n", $result->error);
             }
             /* close connection */
             //$result->close();
             return $result;
         }
     }

     db_connect();
     ?>
     </body>
     </html>
     ```

     all best
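
An added example, not part of the original posts: a login check against an application table (the "shop.users" idea raised in the second post) instead of mysql.user, using PHP's `password_hash()` and `password_verify()`. The table columns, the in-memory SQLite database standing in for MySQL, the account name `webapp` and the sample credentials are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: a users table with username/password_hash
// columns, and in-memory SQLite standing in for MySQL so it runs offline.
// On MySQL the web application's own account (hypothetical name 'webapp')
// would need only:  GRANT SELECT, INSERT ON shop.users TO 'webapp'@'localhost';
// and no privilege at all on mysql.user.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        username      TEXT PRIMARY KEY,
        password_hash TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $username, string $password): void {
    // password_hash() generates a salt and stores it inside the hash string;
    // the plaintext password is never written to the table.
    $stmt = $db->prepare(
        'INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $username, string $password): bool {
    // Bound parameter: the submitted name is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    // The comparison happens in PHP, so the database account never needs
    // MySQL's PASSWORD() function or read access to mysql.user.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data.
$db = open_db();
register_user($db, 'Arrow', 'constructed-sample-password');

var_dump(check_login($db, 'Arrow', 'constructed-sample-password'));
var_dump(check_login($db, 'Arrow', 'wrong-password'));
var_dump(check_login($db, 'nobody', 'constructed-sample-password'));
```

In this layout end users are rows in the application table and never hold a database account of their own; only the web application's account connects to the server.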