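This is a real case: even today, some people still name their MySQL database test or test_XXX.
Naming it that way is OK on your own private host, but
if you are on shared hosting / virtual hosting,
you really will be sharing your data with others: when you browse phpMyAdmin you can see the contents of any test or test_XXX database, whether or not you are its owner.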
https://blogs.oracle.com/jsmyth/the-test-database-and-security
The test database is installed by the MySQL Server RPM as part of the mysql_install_db process, and some other package managers run that script too. If you run that script as part of a manual install of MySQL, you’ll get the same effect. It creates the database by creating an empty directory called “test” in the data directory, and creates wide-open access to the database test and any database with a name beginning with test_ by inserting a couple of rows into the mysql.db table that give everyone full access to create or use those databases.
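To check a server for the rows the quote describes and remove them, an administrator can run something like the following. This is an added example, not code from the Oracle post; it assumes an account that can read and modify the mysql system schema and the default sql_mode (backslash escapes enabled).

```sql
-- 1. Find the wide-open grants: rows in mysql.db with an empty User
--    apply to every account that can connect. The Db value 'test\_%'
--    is the stored pattern for "any database whose name starts with test_".
SELECT Host, Db, User,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv
FROM mysql.db
WHERE User = ''
  AND (Db = 'test' OR Db = 'test\\_%');

-- 2. List existing databases that those grants would expose.
--    '\_' makes LIKE match a literal underscore instead of any character.
SELECT SCHEMA_NAME
FROM information_schema.SCHEMATA
WHERE SCHEMA_NAME = 'test'
   OR SCHEMA_NAME LIKE 'test\_%';

-- 3. Remove the wildcard grants so that access to test / test_XXX
--    databases requires an explicit GRANT like any other database.
DELETE FROM mysql.db
WHERE User = ''
  AND (Db = 'test' OR Db = 'test\\_%');

-- 4. Direct edits to the grant tables only take effect after a reload.
FLUSH PRIVILEGES;

-- 5. Optional: drop the stock test database once you have confirmed
--    from step 2 that nothing in it is needed.
-- DROP DATABASE IF EXISTS test;
```

On shared hosting, where you cannot change the grant tables yourself, the safe course is to give your own databases names that do not start with test.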