SuperbHosting.net have generously
sponsored
dedicated servers to ensure
a reliable and scalable dedicated hosting
solution for BigResource.com.
Encryption / Authentication
I need to find out if it's possible to do two things with mysql. The =
first is external authentication, preferably with kerberos5, but PAM =
will work as well. Second, encrypting the data stream. Specifically =
with jdbc connections.
SSL Encryption
is it true, that MySQL 4.x can do SSL encrypted connections only with a server AND a client certificate? I've got a working SSL connection if I use both, mysqld and mysql with certificate, key and ca-certificate. How can I use SSL if the mysql client must not have access to the private key? Any help or links to a good documentation is welcome.
AES Encryption
I am working on a small utility that will store journal entries in a mysql database. To ensure that even the database administrator can't read the contents of these entries I need to use some form of encryption. MySQL has some pretty decent AES encryption functions that I plan to use (AES_ENCRYPT() & AES_DECRYPT() ). The "key" for the encryption will be supplied by the user and never stored permanently so this should be pretty secure. The issue I am having is that searching through your journal/note entries is a pretty firm requirement. I am familiar with using full text indexes to make sure searching is speedy and efficient... but with encryption this does not appear to be an option.
Does anyone have any tips for me? I am just getting started with this project and want to know if there are some tricks I can do to make sure the server doesn't slow to a crawl when someone tries to search through 1,000 encrypted journal entries.
Currently I am planning on doing a query that would resemble the following. I have to use simple pattern matching since no fulltext functions work on the BLOB column type required by AES.
SELECT id, date, AES_DECRYPT(content, "user key") as decrypted FROM posts WHERE userhash = "testuser" AND decrypted LIKE "%some pattern%"
I'm not even sure if that is possible or valid syntax... that is just how I am assuming it will have to work. I think this query could at least grab just the user's posts from the "posts" table quickly, but if there were many it looks like it would need to inefficiently decrypt them one at a time and look for the search string.
Is there a more elegant solution that could give me the speed and security I'm looking for? If not, is there anything you can think of that I could do to hide this inefficiency so the server responds to large searches in a reasonable amount of time? Is this even a big deal? If I have like 10-20 concurrent users with 1000 posts each, all editing and searching, would a mid-range little linux box or shared environment be able to handle it without appearing super sluggish?
Looking For Encryption Tool
I have a prospect that needs to collect sensitive personal data via the web for mortgage applications. A certificate & SSL seems to protect the data from the browser to the server, but I need some way to encrypt the data for storage in mysql and (possibly) into a flat file for retrieval by the prospect. I have not been able to find a simple solution for this compatible with BSD and Apache.
Data Encryption
I am using MySQL on a Windows XP system. I was wondering if there is anyway that I could use OpenSSL (I currently have beta 6 on a dev machine) with MySQL on Windows XP?
Encryption On Windows
Can anyone advise whether its possible to use the Encode/Decode functions on Windows (Win2K) platform in Mysql & PHP. A book i'm using says they cannot be used in windows yet i've managed to get my application successfully Encoding a password at the time of using an, 'Insert INTO' qry - its stored ok as a BLOB (field was set-up as a BLOB). Problem is i cannot use the DECODE() to reverese things. When tried i get a 'cannot excecute query' type mssg. Looked at MD5 and SHA1 but they are one-way funcs only. I like the look of AES and DES ENCRYPT/DECRYPT but can't get them to work either.
Securing My DB With Encryption
I have set up two tables in our DB, and we want to add a third, but this one is credit card info, and need to be secured. What's the best way to do it by encryption?
Encryption And Decryption
i need a solution to the following requirement There is a column, for which data should be encrypted in the database, something like password, where the actual data should not be displayed when i say select * from tablename, instead, the encrypted text should be displayed, and that text need to be decrypted again, can anyone please tell me how to do it front end is java
I understand the basics of how it works however i am stumped.
What i am currently trying to do it have a table that contains user information. Now when an authenticated user views this information they are showing all there details in plain text.
Thats fine but what i require is a master key so that if need be the system admin will be able to decrypt any data in the mysql db using there master key.
Is there anyway to do this? either by design or code.
Using AES_ENCRYPT For 256 Bit Encryption
I just started using AES_ENCRYPT to encrypt records in my databases. For the most part, the default 128 bit encryption is fine. But, I would like to use 256 bit for one of my forms. According to the MySQL documentation you can use the function for either 128 or 256 but I don't understand how to get it to do 256.
The documentation says:"Encoding with a 128-bit key length is used, but you can extend it up to 256 bits by modifying the source." - http://dev.mysql.com/doc/refman/4.1/...functions.html
What source do I have to modify to get it to use 256?
Securing The AES Encryption Key Using Windows EFS?
I'm planning on using AES encryption methods which require an encryption key. I don't want to store this key as a string literal within my Java front-end web application because of the security risk associated with reverse engineering the Java .class files and obtaining the AES encryption key.
I was thinking of storing the AES encryption key in a file, and then reading this key from the Java application to use within the AES_ENCRYPT function. The file would be encrypted using Windows Encryption File System (EFS) since I'm deploying on a Windows server.
Benefits I see to this approach are that the AES encryption key is stored separate from the .java application, and the file containing the key is encrypted to everyone except the Windows account that encrypted the file.
The drawbacks are the application needs to have rights to accesss the file, the protection of the key now hinges on the Windows Account used to encrypt the file (if that is compromised then the key could be discovered); also, I need to further research where the private key used to encrypt the file is stored on Windows and how secure that is.
Encryption & Ignoring User
I had set up a database using XAMPP, but I feel this is a simple MySQL issue. After setting up the database, I created a few accounts and tables within phpMyAdmin and all was well. After a while, I decided that I wanted to encrypt the passwords of the user accounts. First, I tried md5() encryption. After doing so, all was well. However, once I shut down MySQL and restarted it, "[Warning] Found invalid password for user: 'Chris@%'; ignoring user"
I decided to change my password back using the "password()" within phpMyAdmin. Later, I had tried doing the same thing with sha1() encryption. All was well until I restarted MySQL, where I would receive the same "ignoring user" issue.
Login / Password Encryption
i am trying to create a very simple login system. all it does it input user data including a password and then when logging it it compares user name and password entered to find the user id (if exists) and then says you are logged in if a result was found. my problem is no results are ever found.
i have found that no matter what i do the password() function never returns the same value when im trying to select a user id with password=password('$inputedpassword') in the query to look up the user id.
so basically when i register the password is turned into a mess with password(), but wheni log in and use the same password() on it, it gives me something different.
BUT if i register under another user name and then use the same password, password() will give me the same mess (i checked this in the databse).
so i dont know why password() wont do the same thing when im using it in the query in login.php so that i can compare the passwords correctly. the only way i've been able to get this to login is to not encrypt anything. i have tried using md5 but that is giving me this same problem too. Code:
Credit Card Encryption
I am just having my first experience with storing credit card details into a mysql database with php. I am on a ssl server of course and everything works fine but I am interested in any other security recomendations.
Currently CC details are stored directly into the database as they were typed, should I be encrypting the CC details with mcrypt_enrypt() before storing them and then dectypt them when displaying on the "view card details page"?
I can easily decrypt it because the code specifies a Query but the INSERT is an ADODB insert (see below):
PHP
runQuery($db ->GetInsertSQL($rs, $_POST, true));
I need to AES_ENCRYPT one of the $POST fields before it goes into this but I don't see how? Mcrypt is not installed on server so MySQL functions are what I need to use.
Password Encryption (data Type)
When adding a password entry to a database I believe you can encrypt its value using PASSWORD(str) but could someone please confirm what data type I should use for the column in which it is stored?
Password Encryption To Store Passwords
What I'd like to do is have an html login page using php to process the request, and then compare the input strings to a username & password stored in a SQL table.
My question is though, what is the best way to store the password in the mySQL table. Is it better to store it as an encrypted value, and can I do this?
Encryption Of User / Pass In Odbc.ini / Alternatives
Does anyone know of a more secure way than storing the username and password to the database connection within the odbc.ini ? We are using PHP on one server connecting to a MySQL 4.0 database ?
Authentication
I'm new with mysql and I feel very stupid for having to ask this but I'm trying to program against it and I don't know what my username and pw are. When I installed it, I put in a pw so I'm pretty sure I know what that is, but what is the username I should be using when trying to execute sql commands against it with php?
MySQL And PHP Authentication
I'm getting the following error while trying to connect via php to an existant mysql (local) server:
Warning: mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MySQL client. I have latest PHP and MySQL installed.
This seems like the password problem (new password system now) the older was 16 bits right? Thing is... My PHP should support this, its 5.x and I have latest mysql as well.
Support Authentication
i have installed php4.4 with iis and mysql5 and phpmyadmin is 2.5 version and mysql administration tool too i get the error client does not support authentication protocol, i will be very pleased if someone suggest a good workin version for all mysql php and phpmyadmin
User Authentication
I do know how to create user logins and such.what I need to know is once a user logs in and submits his data (CSV) to Mysql DB,how do i ensure that the data goes into his account.In other words,whats the best way to manage user accounts and control the data that goes into that.
Passwords / Authentication
I have just started messing around with MySQL and something I find weird is that we connecting using localhost, if I supply the password, it will not authenticate...if I leave the password off, it's fine.If I connect from another machine, it requires the password or it will not authenticate.Is that normal?
Support Authentication Protocol
I have a service provider where my mySQL database is being held. Everything is uploaded and ready to go. When i try to access the database via my ASP code i get the following error message:
Client does not support authentication protocol requested by server; consider upgrading MySQL client
I've heard to use the Password/ Old password functions, but who has to do that, me or the service provider? When i try to use the Command prompt from the MySQL administrator it won't let me access the command prompt.
Authentication :: Config File?
Is there any config file or update to have MySQL use HPUX authentication or NT authentication. for the Windows apps. (Query browser and MySQL Administrator)
Authentication / Permission Basics
I have a number of users like 'fred', who can access MySQL 4.1 from %.fredworld.com. He has full access to his own database, fred. No other permissions defined.
What's the best way for me to allow every user to connect from localhost. After reading up on http://dev.mysql.com/doc/refman/4.1/en/connection-access.html I thought the answer might be to do:
insert into user (host, user) values ('localhost', ''); flush privileges;
but this doesn't do what I want. How should I go about this?
Client Does Not Support Authentication
The problem is that when i browse to http://reception/admin/index.php? and enter username and password I recieve the following message
1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client
#1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client
A little extra info (if needed): -I just installed php v 4.3.1, apache 2, and mySQL 4.1 -It's all on my laptop (if it makes a diffrence) -It's on a windows platform
Authentication Problem On Nonstandard Port
I am running two database instances of mysql (one on a nonstandard port). After granting users permissions I find that I can access mysql from other machines only if I use the standard port. When I use the non-standard port I can only authenticate if I am on the box where the database is running. Also some previously set up users can authenticate through the non-standard port (sadly no one knows how those users were set up). What do I need to do to allow for authentication on the nonstandard port ex:
mysql -h<HOST> -u<USERNAME> -p (defaulting to standard port works) mysql -h<HOST> -u<USERNAME> -P<NON-STANDARD PORT> -p (fails)
$ ./mysqladmin -u root password <newpassword> ./mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'root'@'localhost' (using password: NO)'
I have no problems connecting like this:
./mysql -u mysql
In the latter case, I cannot do anything. For example
mysql> CREATE DATABASE one; ERROR 1044 (42000): Access denied for user ''0'localhost' to database 'MoonlightDB'
I understand that there is a problem with MySQL changing the password hasing functions in ver 4. One solution is to start the server with the --old-passwords flag, how do i add the flag??
Remote Database Fails To Authentication
I'm passing in the ip address of the server, my userid and password, but I get back my userid appended with my local machine name (or maybe it's the local domain, not sure) and it fails to authenticate? Is there any way to override this appending of domain?
Using: * MySQL server 4.0 on a remote Linux Server. * Developing in VS 2005 (VB) on a PC that is apart of our corporate MS domain. * Downloaded and installed Connector/Net 2.0
Problem: I'm using the connection string: ("server={0}; user id={1}; password={2}; database=test; pooling=false", server.Text, userid.Text, password.Text)
When executed with userid="sam" the error message that is returned is "Access denied for user: "sam@<mypc>.<corporatedomain>.com"
When executed with the userid="sam@<remotehost> the error message returned is "Access denied for user "sam@<remotehost>@<mypc>.<corporatedomain>.com". No matter what I do, the connector keeps appending my current domain id to the end of the user string.
"sam" is a authorized user for the MySQL on the remote linux host (been using it for years).
Warning: mysql_connect() [function.mysql-connect]: Client does not support authentication protocol requested by server; consider upgrading MySQL client in /home2/cruisew/public_html/cruisevacationcenter.net/test/inc/db_wrapper.php on line 11 AAAClient does not support authentication protocol requested by server; consider upgrading MySQL client
Mysql User Table For Authentication
What is the best way to store usernames/password information within a mysql Table? Is there a way to encrypt the columns that house this data?
for example..: CREATE TABLE `users` ( `id` INT(11) NOT NULL AUTO_INCREMENT, `Username` VARCHAR(40) NOT NULL default '', `Password` VARCHAR(40) NOT NULL default '', `Lastlogin` datetime default NULL, PRIMARY KEY (`id`), UNIQUE KEY `username` (`username`) ) ENGINE=MYISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
i wonder for some more useful fields for software logging/management people sometimes (or seldom :-)) use like: lastip createdon lastlogin active ('yes', 'no', 'banned') -
"bin/mysqldump --opt --user=xxx --password=xxx DB > DB.bak" However, error 1045 came to me to say "Access denied for user 'xxx'@'localhost' (using password: YES) when trying to connect". None the less, I'm absolutely full of confidence on my correct username and password, simply because if I do it this way:
"bin/mysqldump --opt --user=xxx DB > DB.bak",and input the same password, everything goes well. Could you please give me some suggestion concerning the issue?
PerlDesk :: Client Does Not Support Authentication Protocol
You have no license for using PerlDesk! DBI connect('perldb:localhost','webuser',...) failed: Client does not support authentication protocol requested by server; consider upgrading MySQL client at lib/PerlDesk/App.pm line 408 Compilation failed in require at
lib/PerlDesk/App/License.pm line 3. BEGIN failed--compilation aborted at
lib/PerlDesk/App/License.pm line 3. Compilation failed in require at lib/PerlDesk/App/Installer.pm line 9. Compilation failed in require at C:/Program Files/Apache Group/Apache2/cgi-bin/install.cgi line 25.
TRACKER
