[wp-hackers] multiblog/multisite musings -- comments welcome

Henning Seljenes henning.seljenes at gmail.com
Wed Aug 11 10:03:53 UTC 2004


It looks like my syntax was a bit off (big surprise :-P).

Here is the syntax with the following credentials:

database: multiblog
user tables: wp_tara_
username: tara
password: arat
host: localhost

GRANT ALL ON multiblog.wp_tara_* to tara@localhost identified by 'arat';

Now all that's needed is a simple way to automate the creation of the
MySQL user via a php script unless you want to add users by hand. I'm
not aware of any command, other than something like SYSTEM() with the
ability to do this.

-- Henning


On Wed, 11 Aug 2004 11:35:08 +0200, Henning Seljenes
<henning.seljenes at gmail.com> wrote:
> I think the safest bet is to create a unique mysql user for each
> blogger. I think MySQL has the ability to limit table use by the 'GRANT
> ALL PRIVILEGES ON x' syntax which means you would need a way to
> identify each section of the database to each user. This would be
> pretty simple by forcing a syntax such as 'wp_<username>_' and then
> setting the appropriate SQL user to 'GRANT ALL PRIVILEGES ON
> wp_<username>_*'.
> 
> I'm no MySQL buff so I'm not sure if this is how you use the syntax,
> but I'm certain you can find more info on it in the MySQL
> documentation.
> 
> -- Henning
> 
> 
> 
> On Wed, 11 Aug 2004 11:24:56 +0200, Tara Star
> <tellme at climbtothestars.org> wrote:
> > Henning Seljenes wrote:
> > > The main problem I see with this is you need to have a way to deal
> > > with the people that take, wp-config.php for example and add an extra
> > > line:
> > >
> > > $result = mysql_query("DROP multiblogs");
> >
> > thanks for the heads-up on the security issue
> >
> > > There are two options to deter this kind of thing:
> > >
> > > Remove the permission from the mysql user to drop / delete and add
> > > ways for a user to make a post invisible.
> >
> > sounds simpler to me. or give each blog its own user that has
> > permissions only on his own tables -- would that do it?
> >
> > > Make all the user included files a different extension and parse them
> > > for permitted operations before executing them with the code.
> >
> > urghl. :-) that sounds out of my league!
> >
> > Steph
> >
> >
> > --
> > http://climbtothestars.org
> >
> > _______________________________________________
> > hackers mailing list
> > hackers at wordpress.org
> > http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> >
>
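
Added example, not part of the original thread: one way a PHP script could build the per-blogger account statements discussed above. GRANT is ordinary SQL, so it can be sent over a normal connection by a suitably privileged account; MySQL does not expand a * inside a table name, so the sketch issues one GRANT per table and leaves out DROP. The function name, the table suffixes and the generated-password format are assumptions; the database, host and wp_<username>_ prefix come from the messages above.

```php
<?php
// Added example, not from the thread. Table suffixes are an assumed subset.
const DB_NAME = 'multiblog';
const DB_HOST = 'localhost';
const TABLE_SUFFIXES = ['posts', 'comments', 'options'];

/**
 * Build the statements that create one blogger's MySQL account and grant it
 * row-level access to that blogger's own tables only (no DROP, no ALTER).
 * Assumes the blogger's tables already exist when the GRANTs are run.
 */
function build_blogger_grants(string $blogger, string $password): array
{
    // Identifiers cannot be bound as parameters, so allow-list them before
    // interpolation. No underscore: keeps the wp_<name>_ prefix unambiguous.
    if (!preg_match('/\A[a-z][a-z0-9]{0,15}\z/', $blogger)) {
        throw new InvalidArgumentException('rejected blogger name');
    }
    // The password is generated by the script as hex, so it is safe in quotes.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $password)) {
        throw new InvalidArgumentException('password must be 32 hex chars');
    }
    $account = sprintf("'%s'@'%s'", $blogger, DB_HOST);
    $sql = ["CREATE USER $account IDENTIFIED BY '$password'"];
    foreach (TABLE_SUFFIXES as $suffix) {
        $sql[] = sprintf(
            'GRANT SELECT, INSERT, UPDATE, DELETE ON `%s`.`wp_%s_%s` TO %s',
            DB_NAME, $blogger, $suffix, $account
        );
    }
    return $sql;
}

// Constructed demo input: prints the statements instead of executing them.
$password = bin2hex(random_bytes(16));
foreach (build_blogger_grants('tara', $password) as $stmt) {
    echo $stmt, ";\n";
}
try {
    build_blogger_grants('not valid!', $password);
} catch (InvalidArgumentException $e) {
    echo '-- ', $e->getMessage(), "\n";
}
```

To apply the statements, pass each one to PDO::exec() on a connection whose account is allowed to create users and grant privileges, and keep that account's credentials out of any file the bloggers can edit.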


