
MySQL databases with test_ prefix are world writable.

Tozz

Regular Pleskian
There is a security issue in the default MySQL configuration, which can cause leaking of MySQL data with certain database names.

In MySQL's authentication tables there is a row which allows all users access to all databases that start with "_test". Thus, any user that creates e.g. test_joomla or test_wordpress can be seen, read and written by any other user. If any other user logs in to MySQL they can see the test_ databases.

I feel this is a security issue, and Plesk should either remove the default entry in MySQL's 'db' table, or Plesk should prohibit creating databases that start with "test_".

This entry can be removed by running:
Code:
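use mysql;
-- Remove the default row whose Db pattern is test\_% (databases starting with "test_")
delete from db where Db = 'test\_%';
-- Reload the grant tables so the change takes effect
flush privileges;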
 
Tozz,

Could you provide more details? MySQL version, OS, arch, etc. I cannot reproduce your problem.
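
A read-only check for the entry described in the first post, as an added example that is not part of the original thread. It assumes an account that can read the mysql schema, and it filters on an empty User column because that is how the default test entries are stored.

```sql
-- Added example: audit only, nothing is modified.

-- 1. Database-level grants that apply to the anonymous user (empty User).
--    A row with Db = 'test\_%' here is the entry the first post refers to.
SELECT Host, Db, User,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv
FROM mysql.db
WHERE User = '';

-- 2. Existing databases whose names match one of those patterns,
--    i.e. the databases currently reachable through such a row.
--    Db holds a LIKE pattern, so it is used directly as the pattern here.
SELECT s.SCHEMA_NAME AS exposed_database,
       d.Db          AS matching_pattern,
       d.Host        AS grant_host
FROM information_schema.SCHEMATA AS s
JOIN mysql.db AS d
  ON d.User = ''
 AND s.SCHEMA_NAME LIKE d.Db
ORDER BY s.SCHEMA_NAME;
```

If the first query returns no rows, the server does not have the default entry; running both queries again after the delete and flush privileges statements from the first post confirms the removal.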
 