[wp-hackers] multiblog/multisite musings -- comments welcome

Brian Meidell brian at mindflow.dk
Wed Aug 11 16:08:08 UTC 2004


The biggest problem with that is that the large majority of common users 
are on a server where they only have the one mysql user and no easy way 
to get more.

/Brian

Henning Seljenes wrote:

>I think the safest bet is to create a unique mysql user for each
>blogger. I think MySQL has the ability to limit table use by the 'GRANT
>ALL PRIVILEGES ON x' syntax which means you would need a way to
>identify each section of the database to each user. This would be
>pretty simple by forcing a syntax such as 'wp_<username>_' and then
>setting the appropriate SQL user to 'GRANT ALL PRIVILEGES ON
>wp_<username>_*'.
>
>I'm no MySQL buff so I'm not sure if this is how you use the syntax,
>but I'm certain you can find more info on it in the MySQL
>documentation.
>
>-- Henning
>
>On Wed, 11 Aug 2004 11:24:56 +0200, Tara Star
><tellme at climbtothestars.org> wrote:
>  
>
>>Henning Seljenes wrote:
>>    
>>
>>>The main problem I see with this is you need to have a way to deal
>>>with the people that take wp-config.php, for example, and add an extra
>>>line:
>>>
>>>$result = mysql_query("DROP multiblogs");
>>>      
>>>
>>thanks for the heads-up on the security issue
>>
>>    
>>
>>>There are two options to deter this kind of thing:
>>>
>>>Remove the permission from the mysql user to drop / delete and add
>>>ways for a user to make a post invisible.
>>>      
>>>
>>sounds simpler to me. or give each blog its own user that has
>>permissions only on his own tables -- would that do it?
>>
>>    
>>
>>>Make all the user included files a different extension and parse them
>>>for permitted operations before executing them with the code.
>>>      
>>>
>>urghl. :-) that sounds out of my league!
>>
>>Steph
>>
>>
>>--
>>http://climbtothestars.org
>>
>>_______________________________________________
>>hackers mailing list
>>hackers at wordpress.org
>>http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>>
>>    
>>
>
>
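
Table-level GRANT in MySQL takes explicit table names (the `%` and `_` wildcards are only honoured in database names), so the 'wp_<username>_' scheme discussed in this thread needs one GRANT per table. The sketch below is an added example, not code from the thread or from WordPress; the database name, host, table suffixes and the `wp_<username>` account naming are assumptions, and each MySQL account is assumed to exist already.

```python
import re

# Assumptions (not from the thread): database name, host and table suffixes.
DATABASE = "multiblog"
HOST = "localhost"
TABLE_SUFFIXES = ("posts", "comments", "categories", "post2cat", "options")
# No DROP, DELETE or ALTER: hiding a post becomes an UPDATE in the application.
PRIVILEGES = ("SELECT", "INSERT", "UPDATE")

# Lowercase alphanumerics only, so the name is safe inside quoted identifiers.
_USERNAME_RE = re.compile(r"[a-z0-9]{1,12}")


def table_prefix(username):
    """Return 'wp_<username>_' after validating the blogger name."""
    if not isinstance(username, str) or not _USERNAME_RE.fullmatch(username):
        raise ValueError("invalid blogger name: %r" % (username,))
    return "wp_%s_" % username


def grants_for(username):
    """Build one table-level GRANT per table owned by this blogger."""
    prefix = table_prefix(username)
    account = "'wp_%s'@'%s'" % (username, HOST)
    privs = ", ".join(PRIVILEGES)
    return [
        "GRANT %s ON `%s`.`%s%s` TO %s;" % (privs, DATABASE, prefix, suffix, account)
        for suffix in TABLE_SUFFIXES
    ]


def may_touch(username, table):
    """True if `table` is one of the tables granted to this blogger."""
    prefix = table_prefix(username)
    return table in {prefix + suffix for suffix in TABLE_SUFFIXES}


if __name__ == "__main__":
    # Constructed sample blogger name.
    for stmt in grants_for("alice"):
        print(stmt)
```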


