Access to another user's MySQL database : Forums : PythonAnywhere

Access to another user's MySQL database

Hi, PA team, you are great! :)

I have two accounts on PA - one in kinda UAT, the other is kinda Prod. Accidentally I found out that from my "Prod account" Django app I can access MySQL database of my "UAT account" as long as I have this code in settings.py (Django)

DATABASES = {
"default": {
    'ENGINE': 'django.db.backends.mysql',
    'HOST': 'UATuser.mysql.pythonanywhere-services.com', 
    'NAME': 'UATuser$default',
    'USER': 'UATuser',
    'PASSWORD': 'UATuser_password',

I'm not sure whether this is by design or not, so I am reporting it here.

Both accounts are free.

deleted-user-1506499 | 9 posts | March 23, 2018, 11:33 a.m. | permalink

yup- this is known. Thanks for reporting though!

conrad | 4232 posts | PythonAnywhere staff | March 23, 2018, 4:24 p.m. | permalink

Is it not supposed to be accessible by other users? Since we have the password already.

intekma | 8 posts | July 1, 2022, 8:07 a.m. | permalink

If you know the password to a database, then you can access it whether it's in the same account or not.

glenn | 9718 posts | PythonAnywhere staff | July 1, 2022, 9:59 a.m. | permalink