(sorry if I posted on the wrong forum earlier.)
This can't be correct!: I am virtually hosted (static IP) with a host that provides MySQL and PHP4. Great!, I though. Then I just managed, quite unintentionally, to discover the "root" passowrd, and I successfully logged in with it through phpMyAdmin. I have access to ALL of the databases owned by the various virtually-hosted subscribers to our host (this is nearly a hundred databases.) Not only can I see them, but I can do anything to them!!!!!----I'm logged in as "root." Of course, I didn't do anything malicious.
But what the *?!@#? Is MySQL security really this bad on virtually hosted sites or did my root host screw up? And toboot, I found the password in a file sitting on my own virtual domain.
Does this seem right? If so, is it possible to install my OWN MySQL in my virtual directory (say, in the root directory above /www/) that other people can't access like this?
Any comments would be very helpful...
--P.S.
