Journal GraffitiKnight's Journal: Submission
What do you do when your System Administrator (and worse, professor) refuses to secure the server you use? I recently discovered that the MySQL service on the server hosted by the computer science department at the university I attend allows anyone to modify anyone else's data. With many students using PHP and MySQL to serve their content, I was easily able to change or remove elements on their website. When I contacted my professor (and the server administrator) about it, he told me that use of MySQL was based on the "honor system". Beyond encrypting my database, is there anything else I can do to help secure my site? The CS box has already been hacked in the past, most recently this past year when all index.* pages were overwritten.