Hallo liebe Kollegen, können wir diesen Angriffsvektor demnächst bitte eliminieren? mysql> use mysql Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> select user,host from mysql.user where user = 'xres'; +------+------+ | user | host | +------+------+ | xres | % | +------+------+ 1 row in set (0.00 sec) mysql> mysql> show grants for 'xres'@'%'; +------------------------------------------------------------------------+ | Grants for xres@% | +------------------------------------------------------------------------+ | GRANT SUPER ON *.* TO 'xres'@'%' IDENTIFIED BY PASSWORD '*SECRET_HASH' | | GRANT ALL PRIVILEGES ON `bookings`.* TO 'xres'@'%' | | GRANT ALL PRIVILEGES ON `booking`.* TO 'xres'@'%' | | GRANT ALL PRIVILEGES ON `xbeds_%`.* TO 'xres'@'%' | | GRANT ALL PRIVILEGES ON `xres_%`.* TO 'xres'@'%' | +------------------------------------------------------------------------+ 5 rows in set (0.01 sec) Wir brauchen keine generischen wildcard Benutzer für das Internet. ;-) Fauf Subnetze oder Subdomains beschränkt ist doch auch okay ... mysql> select user,host from mysql.user where user = 'xres'; +------+---------------------------+ | user | host | +------+---------------------------+ | xres | % | | xres | %.gs.activate.de | | xres | 192.168.0.0/255.255.255.0 | +------+---------------------------+ 3 rows in set (0.00 sec) -- Mit freundlichen Grüßen Tobias Stein - Systemadministration - activate communication systems GmbH G.-Schumann-Str. 294 04159 Leipzig Tel: +49 341 90 98 7 508 Fax: +49 341 90 98 7 49 email: t.stein@activate.de Geschäftsführer: Markus Hartwig, Rainer Jansen Handelsregister: Amtsgericht Leipzig (HRB 21850)