[wp-hackers] multiblog/multisite musings -- comments welcome
Henning Seljenes
henning.seljenes at gmail.com
Wed Aug 11 09:35:08 UTC 2004
I think the safest bet is to create a unique mysql user for each
blogger. I think MySQL has the ability to limit table use by the GRANT
ALL PRIVILEGES ON x' sytnax which means you would need a way to
identify each section of the database to each user. This would be
pretty simple by forcing a syntax such as 'wp_<username>_' and then
setting the appropriate SQL user to 'GRANT ALL PRIVILEGES ON
wp_<username>_*'.
I'm no MySQL buff so I'm not sure if this is how you use the syntax,
but I'm certain you can find more info on it in the MySQL
documentation.
-- Henning
On Wed, 11 Aug 2004 11:24:56 +0200, Tara Star
<tellme at climbtothestars.org> wrote:
> Henning Seljenes wrote:
> > The main problem I see with this is you need to have a way to deal
> > with the people that take, wp-config.php for example and add an extra
> > line:
> >
> > $result = mysql_query("DROP multiblogs");
>
> thanks for the heads-up on the security issue
>
> > There are two options to deter this kind of thing:
> >
> > Remove the permission from the mysql user to drop / delete and add
> > ways for a user to make a post invisible.
>
> sounds simpler to me. or give each blog its own user that has
> permissions only on his own tables -- would that do it?
>
> > Make all the user included files a differant extension and parse them
> > for permitted operations before executing them with the code.
>
> urghl. :-) that sounds out of my league!
>
> Steph
>
>
> --
> http://climbtothestars.org
>
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>
More information about the hackers
mailing list