Password Database Security
Is it a safe idea to store and use a username and password out of a mySQL DB for logging into basic private pages?
Does mySQL encrypt the table data if somehow specified?
Is there a simpler way of doing this? without a DB?
View Complete Forum Thread with Replies
Related Forum Messages:
Security: No Password For User
I added a user 'b2evolution' via phpmyadmin. I also created and set a password in this step. But I get an error when I try to log in: $ mysql -u b2evolution -p Enter password: ERROR 1045 (28000): Access denied for user 'b2evolution'@'localhost' (using password: YES) But when I do this: $ mysql -u b2evolution I can login? I even logged in as root and set the Password for mysql.user b2evolution by hand,
View Replies !
Database Connectivity/Security
Ok... I've done enough web coding and security to know I am obviously missing something here. I understand the coding to connect to MySQL with PHP, and dictate which db and which username and password to connect to the db. My question is... "Isn't that dangerous to publish that critical data into a PHP file for everyone to see?" How is that hidden or am I totally missing something?
View Replies !
Database Password
I was trying to install a mod that connects to my forum database and it prompted me for my database username password...and I can't remember it. Is there something I can do in cpanel or something to recover my password?
View Replies !
Password In Database
1- how to hide passwords to be shown by database administrator? 2- how to validate using SQL statement the typed password to the hidden password in database
View Replies !
Username, Password And Database Name
but the person that installed mysql on my laptop told me that the username and database name was not that important. Is there a way to retrieve my username, password and database name? Im trying to practice php and mysql but it give me an error.
View Replies !
Matching Password With One Already In Database
I am using PHP5 I have written the code to insert a password into the data base for a registrtion form.When I am trying to to match using a log in form so I can continue to the next page I keep getting the error message Username and password are not the same as those on file. Here is my code for inseting into database: //Make the Query $query = "INSERT INTO registration (first_name, last_name, email, user_name, password) VALUES('$fn', '$ln', '$e', '$un', PASSWORD('$p'))"; $result = @mysql_query($query); // Run the query. Here is my code for retrieving it $query = "SELECT user_id, first_name FROM registration WHERE user_name1 ='$un' AND password1=PASSWORD('$p')"; $result = @mysql_query ($query); $row = mysql_fetch_array ($result, MYSQL_NUM); Can anyone tell me what I am doing wrong.
View Replies !
How Do I Change A Database Password?
I have created a MySQL database on my local server and set up my php pages etc. using phpMyadmin and Dreamweaver. When I tried to set up a database on my server I discovered a small problem. I had used a 15 character password and my server limits the password to 12 characters. My simple question is can I change the password of the database and if so how. I am very new to using these toold so please make your answer clear and simple so that I can follow. I have instaled the MySQL GUI Tools as well but can't figure out how to change a password.
View Replies !
How To Encrypt Password In MySQL Database?
i would like to ask thing son encryption of data presently i'm setting up a mysql database to store usernames and password for authentication is there ways i can encrypt the column passwords even to the database administrator? i know of MD5 but how do i actually go about doing it?
View Replies !
Can I Set Database User Password When No Root Pw Is Set
I have installed PHPBB MediaWiki and SugarCRM on Ubuntu Server LAMP. I initially tried to set the root password on install and then could not log back in. After reinstall this is what I did for a new non root user. root@invest:~# mysql -V mysql Ver 14.12 Distrib 5.0.38, for pc-linux-gnu (i486) using readline 5.2 grant CREATE,INSERT,DELETE,UPDATE,SELECT on pauldb.* to paul@localhost; set password for paul = password('mysecretpassword'); flush privileges; exit; Then when i go to login with this user I can't. I have not set a password for root because the same thing happened when I tried to set root pw immediately after install of the database. This time I am trying to work out the access issue with a new user i have created. This way I still have access since and I won't have to reinstall the db.
View Replies !
Used Mysqldump To Dump Database But Its Not Accepting Password?
I am trying to dump the database but can't because sometimes I get error 2002 which is cannot connect to local MySQL server through socket 'tmp/mysql.sock' and sometimes I get error error 1045 which is access denied for user (Using password: YES). Isn't the password the same as the password to access mysql or is to the password to access the shell a/c. The username and password should be that of the shell account or the mysql account?
View Replies !
Random Password Vs. User Created Password For Site Login
Are there any security issues or other concerns that make one preferable? The client is pushing for user created passwords. I'm mapping out the basic functionality and front-end for a MySQL/PHP back-end that will be completed by a third party. I'm a novice to MySQL but familiar with PHP and their interaction. Mainly looking for anything to support one method over the other.
View Replies !
Mysql Password() & Unix Crypt Password...
I am creating a user administration system where system administrator can activate services for a user, like webspace, a mail account or a subdomain. I now want to create a function that creates mysql databases and grant the right privileges to a user. But the problem is that mysql wants to have the plaintext password for the user in the "grant ... identified by 'pwd'" field, or in a manual query to update the password in the mysql.user table with PASSWORD('pwd'). I have another database which holds the passwords for the users, these password are stored the moment a user signs up and are used to activate services, for example ssh access to the machine. The stored passwords are encrypted using crypt(). So for adding a ssh service to a user, I simply do echo "$user:$pwdhash" | chpasswd -e. I have chosen crypt because some programs (like proftpd) don't take md5 sums. The problems is that I don't have the plaintext password. So I cannot add a mysql db. So I need to create a user in mysql with a crypt password. I tried to just "grant all privileges ... identified by 'nothing'" and then afterwards update the mysql.user table and putt the crypt password in there but it doesn't work like that. Does anyone have any idea on how I could fix this, how can I create a user in mysql without having his plaintext password and only having a crypt hash of it. I thought about not only storing a crypt hash, but also an md5 hash and a mysql PASSWORD() hash.. but I think that's an ugly solution.
View Replies !
Security Bug?
I have MySQL 4.1.3a and when I run this query, server crash with CPU using: 99%. WinXP SP1, 32 bit CPU I have no other problems with server ALTER TABLE `history`.`anniversaries` MODIFY COLUMN `event` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL; before `event` was greek
View Replies !
Security Msg
How do I fix this? The $cfg['PmaAbsoluteUri'] directive MUST be set in your configuration file! Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.
View Replies !
Account Security
I am about to produce a dynamic web site using PHP & MySql for a property management system. The users need to be able to log into an admin directory and then access the database with write permissions. In an attempt to improve security in a low tech way I thought - why not have one admin account that allows only to write and not to read and one admin account allowed only to read and not tow rite. In this event if a hacker was able to get at the account password details they woukd not be able to see what they were trying to write to and if the could see then they would not be able to write? i am aware of the potential of SQL injection attacks and how to prevent these.
View Replies !
Security For My.cnf File
So lets say that somehow your mysql database directory info, port info, where your .cnf file is located, socket info, basedir and pid has all been listed in a processes list somehow on a website that is available to everyone... can someone use this information to do something malicious to your database? If so, how can they... and how can I protect myself?Something like this: system 27094 1 0 14:55 pts/1 00:00:00 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/mysqldata/confocal --pid-file=/mysqldata/confocal/confocal.pid --skip-locking --port=3326 --socket=/tmp/confocal.sock --log=/mysqldata/confocal/mysql-confocal.log --log-bin=/mysqldata/confocal/mysql-confoca --defaults-extra-file=/usr/local/mysql/data/my.cnf --
View Replies !
Sock And Security
i installed mysql on mac(i have already tried re-installing it several times) when i start the server using the command, " sudo /Library/StartupItems/MySQLCOM/MySQLCOM start" it takes the command just fine but the console shows this error: "9/5/08 4:57:01 PM com.apple.launchd[1] (0x10e0a0.nohup[525]) Could not setup Mach task special port 9: (os/kern) no access" after that anything i type including:"mysql -u root" i get: "ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)"
View Replies !
Security/behavior
I'm evaluating a project of mine to see if something would go wrong if a user started using the wrong character set, and I can't seem to determine from the MySQL manual what the behavior would be if a query attempted to insert a string with the wrong character set (including single byte and multibyte character sets). Would it treat each byte as if it were already part of the default character set? Or would it throw an error? How would it even know? I'm doing this with PHP so I know to use the "real escape" functions to escape the input, but I think it would still be good to know what is actually going on, and I don't have much experience with charsets/collations...
View Replies !
Security In My Databases
I am the root and I have 4 databases: 3 private and 1 public. I have a user (david), and I want david to access only the public database. We are using SQLYog frontend and I´ve tried a lot with grant and revoke commands, flush privileges, and others to avoid david watching any of the 3 private databases. When I try to log using david's login I'm able to watch everything in the 3 private databases. I don´t want david to watch neither structure nor data in any of the 3 databases.
View Replies !
Security In MySQL
Hi Guys, i am a n00b in MySql, i have a huge vBB running on it! my server is running port scan attacks. I am MCSE, but i do not know how to care about MySQL!
View Replies !
Security Mysql
I have built a software using php & mysql for a client. The mysql db too will be installed on the client's server. Apart from the normal tables, there is also 1 more table having some info abt the super user, ie, me (this is to give support to the client if at all the software crashes in the future). What i want is that my client should not be able to access this table or come to know that it exist at all(by using mysql query browser or smething else).
View Replies !
Application Security
I would like to add client application security at the server end so it doesn't have to be embeded into each of the clients, just at/in the server. I have done a search of the Forum/NGs but can see no reference. Is it possible to access an external .dll from the server? The .dll would hold some security routines that could validate use, registration,etc. Obviously the .dll would have to be called by the server so the server would need to be 'called' to pass on the request. Is this possible? Alternativley, is it possible to embed routines in the server that can be locked and not got at by the normal tools?
View Replies !
No Security Options
I have just downloded the "MySQL 4.1" and have got the package to install and have run through the various options but I never came to the setup for the initial password and user so when I run the dos window I get "Password"..... ( sits scratching his head looking at the screen ) Is there a fundimental step which I missed ( left all options as is on install ) and is there other programs that I will need to install to work with mysql for setting up websites ?
View Replies !
Security Issue
still new to mysql and this is my first post. i am using mysql on windows xp home machine, and i've noticed that i can open the mysql user table in notepad and although there is a lot of garbage text in it, the username and encrypted password are clearly within the garbage text. have i done something wrong in my admin/install, or is this the way it is supposed to work?
View Replies !
Security And Logs
There have been some problems with our server and things getting changed in mySQL, either via phpmyadmin or command line. Is there a logging tool that can keep track of sql commands, what commands were run and give the IP information?
View Replies !
5.0.55 Security And Host Over The Net
This is my first posting so I'll just take a quick moment to say 'Hi', and annouce that Im a MySql & Perl lover and wish you all good luck with whatever it is your doing. And now .. :D Ive only been using (well, playing) with MySql for a couple of months so Im not exactly a grand master with it yet. Unfortunately security isnt one of my strong points and Ive essentially opened a MySql database to the net and wondered if anyone knows of any vulnerabilies. It's hosted on a Solaris 10 system, mysql & telnet ports are open to the net. In both unix and mysql, the 'root' and 'mysql' user's have strong passwords and everything's pretty much tied down as you'd expect it to be. On mysql, the root and mysql user id's have strong passwords - and Ive used MySql Administrator to create a 'guest' login (which a weak password) which ive only grantd the "SELECT" function to for one schema. I cant find a way to make updates work with this 'guest' user, but it is able to use 'Select' queries against any schema in the database and you can use MySql Administrator and login as the guest user to get system info. But you can't edit user accounts (phew!). So, while there doesnt seem to be an easy way in to a MySql database open to the net, it doesnt exactly feel or look very secure. Is there anything I can do to make it more secure? (Mysql & Root logins are only allowed from the hosting machine) - this 'guest' account is the only one that can login over the net.
View Replies !
Security Hazard
I installed the free version of mysql at my place. When I opened the console from the start menu, it would prompt me for the password. However if I type “mysql� in start->run it directly logs me in as the root with full access on the entire system. This did not happen with my friend who has also installed it. Does this happen with any one of you?
View Replies !
Security Across The Internet
I am somewhat new to accessing a MySQL database across the internet. I would like to write a thin client that accesses the database on a remote site; however, I must be assured that the queries and - especially - the data returned is secure. IOW, I need to make sure that no prying eyes can spy on the data being returned to the application. What are your thoughts on this?
View Replies !
Grants And Security
Most of the stuff I have previously done in MySQL has basically been on a server where everything was friendly :D Now I am having to code a site that shares MySQL with other sites, who should be considered to be potentially unfriendly ;) All I am asking, is, "what is the best way to" / "how do I" set this up? I mean, making sure that each site can only access it's own databases, and can still use phpMyAdmin, and so that the administrator can still see everything through phpMyAdmin. I have a feeling that phpMyAdmin will handle this stuff itself, and that all I have to do is set up the users etc. but I have no idea how to do this... If it helps, I am developing this for both Linux and Windows systems and so the code has to be interchangeable. I don't see that as a problem because surely we are only dealing with internal MySQL users here, and not system users...?
View Replies !
Question Of Security
I have a client that has a customer survey and rewards program that was written in Access with an ASP frontend. They have over 14000 records now and a query takes several minutes to run. My questions are: 1. How difficult/easy would it be to transfer to mySQL? 2. Is there helper applications to transfer it? 3. Would mySQL run the 14000+ records better than Access? 4. The client is very worried/paranoid about security, how can I ease that concern?
View Replies !
Is This A Security Attack ?
I have a remote server. So this morning when I was looking into the show processlist I saw 2 lines where the user is unauthenticated user " and the state is one is "Reading from net" and the other is "login". So what shall I do ? Is this an external hacker attack?
View Replies !
Security And Statement Advise
How secure is MySQL? I have been asked by a client to create a windows based application that will control / transfer / edit over HTTP. The data will be held on a MySQL server hosted on a standard IPSs server. I have been writing apps to do this for a while, but this client will be holding data that will be covered under the data protection act so they want to know how secure the data will be. So as a general rule how hard (or hopefully not easy) is MySQL to hack, or how secure is it when it can be accessed by external apps? Dose it just rely on the usernames and passwords? The second question, I want some advise on the best way to run a query. I have a list of product IDs, and I am trying to work out how many of each of the products was ordered between 2 dates, I have done the following but it take way to long to come back with the results as there could be up to 3000 products SELECT product, description, SUM(IF(product = 'productID1', `ord`, 0)) AS product1IDord, SUM(IF(product = 'productID2', `ord`, 0)) AS productID2ord, SUM(IF(product = 'productID3', `ord`, 0)) AS productID3ord, (.and so on but could be up to 3000 products) FROM theTable WHERE (timestamp >= '1234') AND (timestamp <= '9876') GROUP BY product ORDER BY product
View Replies !
PHP And Mysql-Security Mailinglist
I am administrating an sgi/apache webserver. Whether we will upgrade our website to contain a mysql-database and a php-module depends on the amount of administrative work necessary for maintenance (how many patches need to be applied per month). I searched the web, but I didn't find a list with all the security holes and patches for php and mysql. I search for something like the "SGI wiretap mailing list" or a similar thing on a webpage (list of all known bugs). Can anybody here show me such a list ?
View Replies !
Security White Paper
Is there a white paper or documentation that explains the steps I need to take to secure a MySQL database outside the firewall? I would appreciate if someone would point me in the right direction.
View Replies !
URGENT SECURITY ISSUE
I have a .asp application in which certain parts, clients can now edit/update/add information to their records in our DB. I basically use an include statement at the top of each page. The include .asp page has my connection data within .asp tags. The general 'user' to which the connection belongs only has 'select' facilities within the db. If I now want to let a client update/delete/add information, then surely giving them access to Update/Delete & Add is very high risk ?. If they manage to gain access to our Username & password, then they could delete all our information ?. What is the standard workaround for this scenario ?
View Replies !
MySQL Security Of Data
Although I'm gradually getting the hang of working with MySql, can do a pretty mean query!! I realise I know nowt about security. Is security basically done outside MySQL ie with https:// and is it necessary/usual to have the database itself on a https server or just the code accessing it? Is there any level of security that can actually be applied at the mysql level, somebody in Usenet talked about RoT13 which is pretty feeble of course.
View Replies !
Major Security Flaw
I wrote my first script from a tutorial which basically allows me to throw SQL queries at my db, no big deal. Ok so I made it and ran it on my server. My server is hosted space with different clients stuff on the same PC. so I run SHOW DATABASES. It shows me a list, apparently, of about 75 databases on the ENTIRE computer, it includes mine too. Is this bad? Should I be able to see this info or is my hosting provider leaving security open. Dare I try to access something about them to see if I am able to alter them, thusly them alter my db? Let me know if I am flipping out about nothing - this is like day one on php/mysql.
View Replies !
The Security Settings Could Not Be Applied
when i try to install mysql on my pc it works just fine until i'm near the end of the installation, the installer writes: the security settings could not be applied error number 2003 can't connect to mysql server on 'localhost' (10061) i have disable my firewall... so whats the problem then..? please make an easy explanation... i'm not that good at english so i hope that you understand me...
View Replies !
Can't Apply Security Settings
I got MySQL5.0 working, turns out I forgot to remove my old data files. Here is my problem. I can install fine if I don't modify the security settings, but if I do modify them, it fails saying access was denied on the root account and not using a password. If I don't configure the security settings, I can't connect to it to admin it, either by command line or the GUI admin, it always says that access was denied. I'm not sure what to do now, I've reinstalled several times and the problem keeps commign back.
View Replies !
Integrated Table Security
I have a simple? project to display a web page consisting of job assignments, but need to lock down specific cells in the database table to the employee that the job is assigned to so that only he/she can edit certain cells. If you have a database table with the columns "employee", "Job", Status" then only management can edit the Employee and job column, but only the employee assigned in the "Employee" column can edit the status column for that "Job" row. Can anyone point me in the right direction?
View Replies !
Security Issue When Using PhpMyAdmin
I have installed phpMyAdmin to work with my database. But phpMyAdmin requires me to change my userID and password in the configuration file so that it can connect to MySQL. That file can be opened with any text editor. Wouldn't it be very easy for anyone to access that file and know my MySQL password? Is there any way of protecting my password? I'm using my machine as a testing server.
View Replies !
Safety Concern - SECURITY
Say you have a very simple MyIsam "table", 1 numeric field ("A_Field") and 1 record. Lets assume the value is already set to 0. Let us pretend 1000 queries are being sent at the same time (as simultaniously as computerly possible) and each is from 1000 different computers. Each query is like this: "UPDATE `table` SET `A_Field` = '#' WHERE `A_Field` =0 ;" # is the number of the computer that ran the query, so it would only be between 1 to 1000. Pardon the loose term, but will this type of simple update be treated as a "transaction"? (I know true transactions are only possible in BDB or InnoDB, im just using this word because it fits the scenario) Is it possible for more than 1 of the queries to update the field, or will 1 of the queries commit?
View Replies !
I Can Connect With Db Password Or Blank Password
I have a password setup for root (% and localhost) in Mysql 5.0.26, I can connect ok no problem. I can also connect with blank password! I know it is checking the password cuz it fails if it's wrong. I'm sure I have only one account as well (tried to delete, recreate, etc... no change) select * from user where user='root'; | localhost | root | *F3AD8B3C44772C17F66767F29D948D9C255BD824 | Y ... | % | root | *F3AD8B3C44772C17F66767F29D948D9C255BD824 | Y ... Is there an option to accept blank password!? I have this problem only for root user; Other accounts are fine.
View Replies !
|
TRACKER
