Old 04-13-2008, 03:24 AM
Bulle

For those using EQBrowser: if you want to make it publicly usable against your DB, you might want to set up a special database user for it. The reason is that EQBrowser in its current state is almost certainly susceptible to script injection (nothing coming from the client is escaped properly), so anything a visitor manages to inject would likely run with whatever privileges EQBrowser's database account has. Until this can be fixed in the PHP, you can make sure EQBrowser has only read access to your tables, and that it is denied access to a couple of sensitive fields (password, ls_account and minilogin_ip in the account table). This limits what an injected query can reach; it does not remove the injection itself.

Here is how I have defined my eqemuview user. You will want to replace the user name, the password and the database name (here peqref) with your own:

Code:
-- Dedicated read-only MySQL account for EQBrowser.
-- Replace the user name, the password ('ZZZ' is a placeholder) and the
-- database name (peqref) with your own values before running this.
--
-- NOTE(review): the host part '%' matches any client host. If the web server
-- that runs EQBrowser is on a known machine, that host name (or 'localhost')
-- is a tighter choice; the same host must then be used in every GRANT below.
CREATE USER 'eqemuview'@'%' IDENTIFIED BY 'ZZZ';

-- Whole-table SELECT, one statement per table. Only SELECT is granted, so
-- this account cannot insert, update or delete rows; it can still read
-- everything listed here.
-- NOTE(review): names such as eventlog, hackers, peq_admin, petitions,
-- variables and zoneserver_auth suggest operational or credential-like data.
-- Their columns are not shown here; check them, and drop any grant
-- EQBrowser does not actually need, before exposing this account publicly.
GRANT SELECT ON peqref.aa_actions TO 'eqemuview'@'%';
GRANT SELECT ON peqref.aa_effects TO 'eqemuview'@'%';
GRANT SELECT ON peqref.aa_timers TO 'eqemuview'@'%';
GRANT SELECT ON peqref.altadv_vars TO 'eqemuview'@'%';
GRANT SELECT ON peqref.books TO 'eqemuview'@'%';
GRANT SELECT ON peqref.botinventory TO 'eqemuview'@'%';
GRANT SELECT ON peqref.botleader TO 'eqemuview'@'%';
GRANT SELECT ON peqref.botsowners TO 'eqemuview'@'%';
GRANT SELECT ON peqref.character_ TO 'eqemuview'@'%';
GRANT SELECT ON peqref.character_backup TO 'eqemuview'@'%';
GRANT SELECT ON peqref.class_skill TO 'eqemuview'@'%';
GRANT SELECT ON peqref.commands TO 'eqemuview'@'%';
GRANT SELECT ON peqref.doors TO 'eqemuview'@'%';
GRANT SELECT ON peqref.eqbnews TO 'eqemuview'@'%';
GRANT SELECT ON peqref.eventlog TO 'eqemuview'@'%';
GRANT SELECT ON peqref.faction_list TO 'eqemuview'@'%';
GRANT SELECT ON peqref.faction_values TO 'eqemuview'@'%';
GRANT SELECT ON peqref.fear_hints TO 'eqemuview'@'%';
GRANT SELECT ON peqref.fishing TO 'eqemuview'@'%';
GRANT SELECT ON peqref.forage TO 'eqemuview'@'%';
GRANT SELECT ON peqref.graveyard TO 'eqemuview'@'%';
GRANT SELECT ON peqref.grid TO 'eqemuview'@'%';
GRANT SELECT ON peqref.grid_entries TO 'eqemuview'@'%';
GRANT SELECT ON peqref.ground_spawns TO 'eqemuview'@'%';
GRANT SELECT ON peqref.guild_members TO 'eqemuview'@'%';
GRANT SELECT ON peqref.guild_ranks TO 'eqemuview'@'%';
GRANT SELECT ON peqref.guild_relations TO 'eqemuview'@'%';
GRANT SELECT ON peqref.guilds TO 'eqemuview'@'%';
GRANT SELECT ON peqref.hackers TO 'eqemuview'@'%';
GRANT SELECT ON peqref.inventory TO 'eqemuview'@'%';
GRANT SELECT ON peqref.items TO 'eqemuview'@'%';
GRANT SELECT ON peqref.launcher TO 'eqemuview'@'%';
GRANT SELECT ON peqref.launcher_zones TO 'eqemuview'@'%';
GRANT SELECT ON peqref.lootdrop TO 'eqemuview'@'%';
GRANT SELECT ON peqref.lootdrop_entries TO 'eqemuview'@'%';
GRANT SELECT ON peqref.loottable TO 'eqemuview'@'%';
GRANT SELECT ON peqref.loottable_entries TO 'eqemuview'@'%';
GRANT SELECT ON peqref.merchantlist TO 'eqemuview'@'%';
GRANT SELECT ON peqref.merchantlist_temp TO 'eqemuview'@'%';
GRANT SELECT ON peqref.name_filter TO 'eqemuview'@'%';
GRANT SELECT ON peqref.npc_faction TO 'eqemuview'@'%';
GRANT SELECT ON peqref.npc_faction_entries TO 'eqemuview'@'%';
GRANT SELECT ON peqref.npc_spells TO 'eqemuview'@'%';
GRANT SELECT ON peqref.npc_spells_entries TO 'eqemuview'@'%';
GRANT SELECT ON peqref.npc_types TO 'eqemuview'@'%';
GRANT SELECT ON peqref.npc_types_metadata TO 'eqemuview'@'%';
GRANT SELECT ON peqref.object TO 'eqemuview'@'%';
GRANT SELECT ON peqref.object_contents TO 'eqemuview'@'%';
GRANT SELECT ON peqref.peq_admin TO 'eqemuview'@'%';
GRANT SELECT ON peqref.petitions TO 'eqemuview'@'%';
GRANT SELECT ON peqref.pets TO 'eqemuview'@'%';
GRANT SELECT ON peqref.player_corpses TO 'eqemuview'@'%';
GRANT SELECT ON peqref.player_corpses_backup TO 'eqemuview'@'%';
GRANT SELECT ON peqref.quest_globals TO 'eqemuview'@'%';
GRANT SELECT ON peqref.races TO 'eqemuview'@'%';
GRANT SELECT ON peqref.rule_sets TO 'eqemuview'@'%';
GRANT SELECT ON peqref.rule_values TO 'eqemuview'@'%';
GRANT SELECT ON peqref.sharedbank TO 'eqemuview'@'%';
GRANT SELECT ON peqref.skill_caps TO 'eqemuview'@'%';
GRANT SELECT ON peqref.spawn2 TO 'eqemuview'@'%';
GRANT SELECT ON peqref.spawn_conditions TO 'eqemuview'@'%';
GRANT SELECT ON peqref.spawn_events TO 'eqemuview'@'%';
GRANT SELECT ON peqref.spawnentry TO 'eqemuview'@'%';
GRANT SELECT ON peqref.spawngroup TO 'eqemuview'@'%';
GRANT SELECT ON peqref.spells TO 'eqemuview'@'%';
GRANT SELECT ON peqref.start_zones TO 'eqemuview'@'%';
GRANT SELECT ON peqref.starting_items TO 'eqemuview'@'%';
GRANT SELECT ON peqref.timers TO 'eqemuview'@'%';
GRANT SELECT ON peqref.tradeskill_recipe TO 'eqemuview'@'%';
GRANT SELECT ON peqref.tradeskill_recipe_entries TO 'eqemuview'@'%';
GRANT SELECT ON peqref.traps TO 'eqemuview'@'%';
GRANT SELECT ON peqref.tribute_levels TO 'eqemuview'@'%';
GRANT SELECT ON peqref.tributes TO 'eqemuview'@'%';
GRANT SELECT ON peqref.variables TO 'eqemuview'@'%';
GRANT SELECT ON peqref.warehouse TO 'eqemuview'@'%';
GRANT SELECT ON peqref.zone TO 'eqemuview'@'%';
GRANT SELECT ON peqref.zone_flags TO 'eqemuview'@'%';
GRANT SELECT ON peqref.zone_points TO 'eqemuview'@'%';
GRANT SELECT ON peqref.zone_server TO 'eqemuview'@'%';
GRANT SELECT ON peqref.zone_state_dump TO 'eqemuview'@'%';
GRANT SELECT ON peqref.zoneserver_auth TO 'eqemuview'@'%';

-- Column-level grant on the account table: only the listed columns are
-- readable. password, ls_account and minilogin_ip are deliberately left out.
-- Columns added to this table later stay unreadable until they are added here.
GRANT SELECT (
    id,
    name,
    charname,
    sharedplat,
    status,
    gmspeed,
    revoked,
    hideme,
    rulesflag
) ON peqref.account TO 'eqemuview'@'%';
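That's a lot of grants, but to prevent access to part of the account table you have to grant the privileges on a table-by-table basis. This is how SQL privileges work: they are additive, so you cannot grant select on the whole database and then exclude a few columns of one table.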