ISPC User can create new databases in phpmyadmin

Discussion in 'Installation/Configuration' started by grafzahl, Jan 19, 2008.

  1. grafzahl

    grafzahl New Member

    Hello,

    I think this is a big problem.

    If I log in to phpMyAdmin 2.11.4 as user web10_u1 and go to Databases, I get a default of web10?u1. If I click on "Create", the DB is really created and can be filled with tables and data.

    I have tested changing the "_" in the username to other special chars. This creates other databases. :eek:

    Is this a bug?

    Greets from Germany
    Grafzahl
     
  2. Hans

    Hans Moderator Moderator

    I can confirm that, for example, MySQL user web1_u1 can create another database like web1?db1.

    The question mark can be changed to another character, and another database can indeed be created. This should not be possible!

    I did some tests and this unlikely behaviour was also the case with previous phpMyAdmin versions. So I think it has something to do with ISPConfig 2.2.19. :(
     
  3. grafzahl

    grafzahl New Member

    Okay, I have checked this from the start.
    MySQL is the problem, not ISPConfig or phpMyAdmin.

    On the console I log in to MySQL with "mysql -u web1_u1 -p". After a successful login I type "show databases;" and I see web1_db1. Now I enter "create database `web1=db1`;" like phpMyAdmin does, and run another "show databases;".

    I was shocked. :eek: I can see the created database.

    I think the only way to solve the problem is to remove the "_" from the username. This char can be replaced with any other special char.

    Greets from Germany
    Grafzahl
     
  4. Hans

    Hans Moderator Moderator

    Well, I have to say that I can reproduce exactly what you described here. It does indeed have something to do with MySQL, in my case MySQL 5.0.32. It would be nice if the ? character within the database name in phpMyAdmin were displayed as a _ character and if this could not be changed by the MySQL user of the web.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    This is an old MySQL bug. If I remember correctly, MySQL promised to fix this in MySQL 4.1.x, but it seems that they still have not fixed it. I added this to the ISPConfig bugtracker to remove underscores from MySQL usernames.
     
  6. falko

    falko Super Moderator Howtoforge Staff

    I've just removed the underscores from database names and users in ISPConfig. This will be available with the next release. The changes don't affect existing databases and users. :)
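
Added example, not part of the thread and not ISPConfig code: MySQL documents `_` and `%` as wildcards in the database name of a database-level grant (`ON db.*`), with `\_` as the literal form, which is the behaviour posts 1 to 4 observe. The Python sketch below audits `SHOW GRANTS` output for unescaped wildcards; the sample grant lines, the probe names other than `web1?db1` and `web1=db1`, and all function names are constructed for illustration.

```python
import re

# Constructed SHOW GRANTS lines (illustrative, not taken from the thread).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'web1_u1'@'localhost'",
    "GRANT ALL PRIVILEGES ON `web1_db1`.* TO 'web1_u1'@'localhost'",
    "GRANT ALL PRIVILEGES ON `web2\\_db1`.* TO 'web2_u1'@'localhost'",
]
# Names tested against each pattern; web1?db1 and web1=db1 appear in the thread.
PROBE_NAMES = ["web1_db1", "web1=db1", "web1?db1", "web2_db1", "web2=db1"]

GRANT_RE = re.compile(r"^GRANT .+? ON `([^`]+)`\.\* TO (.+)$")

def parse_pattern(pattern):
    """Return (regex, unescaped wildcards, escaped pattern) for a db-level grant.
    '_' = one character, '%' = any run, backslash makes the next char literal."""
    regex, wild, escaped, i = [], [], [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # already escaped: literal
            regex.append(re.escape(pattern[i + 1]))
            escaped.append(pattern[i:i + 2])
            i += 2
            continue
        if ch in "_%":                            # live wildcard
            wild.append(ch)
            regex.append("." if ch == "_" else ".*")
            escaped.append("\\" + ch)
        else:
            regex.append(re.escape(ch))
            escaped.append(ch)
        i += 1
    # Case-sensitive matching is a simplification made for this example.
    return re.compile("".join(regex) + r"\Z", re.DOTALL), wild, "".join(escaped)

def audit(grant_lines, probe_names):
    """Flag database-level grants whose name pattern contains live wildcards."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line)
        if not m:
            continue                              # global or table-level grant
        pattern, grantee = m.groups()
        regex, wild, escaped = parse_pattern(pattern)
        if wild:
            matches = [n for n in probe_names if regex.match(n)]
            findings.append({"grantee": grantee, "pattern": pattern,
                             "suggested": escaped, "matches": matches})
    return findings
```

`audit(SAMPLE_GRANTS, PROBE_NAMES)` reports only the `web1_db1` grant, lists every probe name it covers, and gives the escaped pattern to use when re-issuing the grant.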
     
