|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
April 26th, 2001, 10:26 AM
|
|||
|
|||
|
very nice ;)))
I love this article about security .... short, concise, .... you get the knowledge of MySQL security in 10 min .. thx
|
|
#2
April 26th, 2001, 03:43 PM
|
|||
|
|||
|
Can this be done?
Ok, I've look at a lot MySQL directory structure and how the fit in the DB stucture and I haven't seen something a flexable as this idea I have. I'm not sure if it can be done with MySQL, that's why I'm asking.
In the MySql/data/ folder you have folders in there for the DB, is it possible to use the user name (ie /MySQL/data/username/) and have their db data folders in there (ie /MySQL/data/username/1db, /MySQL/data/username/2db..etc). If you can do this, you wouldn't have to worry about people trying to get a DB in that has already been taken and they can have control over their own stuff instead of having admin doing it for users all the time. They have their own private isolated folder and all is good.
|
|
#3
April 26th, 2001, 07:30 PM
|
|||
|
|||
|
Mac OS X requires GRANT/REVOKE
Because passwords are automatically encrypted by Mac OS X, you can't set a password via the INSERT or UPDATE commands, or via interfaces such as PHPMyAdmin (which is otherwise great on Mac OS X). If you want to set a password for "root," for instance, you must do it via the IDENTIFIED BY parameter of the GRANT command. You will then be able to use that password in the Terminal, but it won't be displayed in PHPMyAdmin: instead, you'll see the encrypted version.
|
|
#4
April 26th, 2001, 10:34 PM
|
|||
|
|||
|
Security????
Security, i don't think so..
Why??? because, one day I forget my password of my user database administrator (this mean the principal user with all privileges), what i did?, first i open the file user.MYD then i replaced the user encrypted password with nothing (spaces), then i restarted mysql, and Habra Calabra, I entered to my database with my principal account without password. That i called, bad - security =).
|
|
#5
April 26th, 2001, 11:17 PM
|
|||
|
|||
|
Re: Security????
At that level you have to expect your mysql security to be as good as your system security. If you're allowing any world priviliges to your mysql files and directories then you're certainly going to leave your data open to exploitation!
|
|
#6
April 27th, 2001, 09:27 AM
|
|||
|
|||
|
Use the GRANT/REVOKE commands
In my opinion, you should try to stay away from the manipulating mysql's system database ("mysql") directly. It's easier and less error-prone to use the GRANT/REVOKE commands which are described in MySQL's manual. As an added bonus, you don't have to reload the database after using the GRANT/REVOKE commands.
|
|
#7
April 27th, 2001, 01:36 PM
|
|||
|
|||
|
Re: very nice ;)))
The only problem is, that there are much Tools (beside the GRANT, REVOKE commands) that come with MySQL which are much easier that setting the mySQL tables itself.
But these tables are very good for checking how things work
|
|
#8
April 28th, 2001, 02:34 PM
|
|||
|
|||
|
Re: Security????
That i called, bad - security =).
- No, I call that being root. Didn't it occur to you that you don't actually need any passwords to access the database? Similarly you can access the database folder.
|
|
#9
April 30th, 2001, 10:04 AM
|
|||
|
|||
|
hosts? users?
hi
there is a lot of information on giving access to users and hosts, but what if you wanted to give anyone 'create' access rights for example in a message board such as this? anyone know how to do it? cheers
|
|
#10
May 2nd, 2001, 12:33 AM
|
|||
|
|||
|
NO root password
Hi Guys!
My site has a MySQL server running on NT 4.0 whose users accidently changed the root password and now we have lost control over the server. I am following two methodologies for regaining control. (1) Use mysqld --skip-grant-tables. This one is very slow and does not seem to start even after waiting for 15-20 minutes. (2) Can I take a backup of data, then reinstall the server and finally dump the backed up files on the newly installed server ? Existing version I think is v3.22. Please help me out with this one. Thanks in advance, Gagan Behl
|
|
#11
May 3rd, 2001, 04:02 AM
|
|||
|
|||
|
No ROOT Password..contd
Hi all,
I have accidently changed my MySQL root password to something I cannot remember. Also, there are applications running on it and accessing the dB. Could yo u tell me the options I have with me to restore my control on the server. Regards, Gagan
|
|
#12
May 10th, 2001, 02:50 AM
|
|||
|
|||
|
mysql+webhosting
anyone know the best way to create a user with access to no databases but they can login and create databases of there own... im working on setting up a free mysql+php hosting site and i need to figure this out..
ty
|
|
#13
May 12th, 2001, 11:17 AM
|
|||
|
|||
|
Re: No ROOT Password..contd
One way might be to backup the directories with the user databases, re-install MySQL from scratch, and put the databases back. This will only work if your the Admin tho. You might even try just replacing the grant tables themselves with their default versions.
|
|
#14
May 12th, 2001, 11:24 AM
|
|||
|
|||
|
Re: mysql+webhosting
You might try using a script to accept new user info, create the database, and change permissions for the database to the user.
|
|
#15
May 14th, 2001, 02:25 PM
|
|||
|
|||
|
excellent article
I'm working in a system and I happy to see that our security sistem is very similar that yours.
Is very efficient
|
|
| Viewing: Dev Shed Forums > Other > Development Articles > Access Granted |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
