Grant_Priv exploits?
This is unexpected to me...
I have a user with GRANT ALL PRIVILEGES ON *.* TO user@localhost ....
Now, I was not expected that this user is able to do:
UPDATE mysql.user SET Grant_Priv='Y' WHERE user='user';
FLUSH PRIVILEGES;
giving him the rights to create new GRANT.
How can I allow one user to manage his own databases, but without allowing him to add new users to the MySQL?
Regards,
H.
Huu Da
MySQL flirter
Subject
Views
Written By
Posted
Grant_Priv exploits?
4375
October 20, 2011 01:37PM
1751
October 26, 2011 08:52AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.