We are using mysql 5.7 and we want to deploy our application code on premise. Being a dba, I want to encrypt our tables name and nobody can see my tables name (if possible all objects like SP, Function, Triggers, Events).
Is there any work around.
Don't give users a MySQL login. End of problem.
That is, build an application that interfaces between the user and the database.
Think of any shopping site on the Web -- You don't see database names, table names, or any other detail like that.
(And, no, there is no such encryption feature in 5.7.)
Related
So we've got a MYSQL database with very sensitive information and we want to prevent it from being exported by a developer/admin who has access to it, while still allowing them to access database while working on their duties.
In simple terms we want to prohibit mass select on specific tables.
Ideally it would be an option to disable mass select, something like limit 0, 1 enforcement for all SELECT queries on specific tables. Is it possible to configure MYSQL like that? Any other ideas how to prevent database from being exported?
Any solution I can think of when someone needs to access your production data within MySQL and you want to apply the principle of least privilege leads to separation of users and to the page on GRANT command in MySQL documentation.
But as I said in a comment to you question, it is much easier to develop a procedure to generate an impersonated sample of your data, so that your developers would not have access to the production data.
I was looking into how to add a create user account/login to my website, so I could have members join and come back, etc and ended up finding out in order to do that, I'd need to create a new database in my SQL, to store the users credentials, I dont have the option to create any new databases by my webhost. Only the one database is what I can use. Could I just add this to my existing database? Do I really need more than 1 database on SQL for my website? If so, could I add another SQL server direct on my computer and use both, Mine and the web host one where I'm creating the site to manage my website? Im sorry for the few questions, Im really new to all this and so confused and overwhelmed.
You can create multiple tables in same database.just make a table with fields such as user id,password etc. and use it for saving,fetching user details using sql queries.
Could I just add this to my existing database?
Yes, you can tables to the existing database.
Do I really need more than 1 database on SQL for my website?
There are a lot of websites that use just one database. Some websites use connections to multiple databases. What information is stored in which database is frequently the result of factors other than the website. The ability to connect to multiple databases means that a website could use authentication/authorization info from one database, store user profiles and submissions in another, and read information from other sources (for example, historical stock prices, stored in another database.
All of that information could be stored in a single database. Having them as separate databases means that the databases can be managed separately (frequencye of backups, replication to DR site) and makes it easier to share the database across multiple applications. (For example, we would probably want employee payroll and health care information stored in a separate database, with separate access controls.
Could I add another SQL server direct on my computer and use both, Mine and the web host one where I'm creating the site to manage my website?
It may be technically possible to do that, but that's not the way you want to go. That would add another dependency... the website at the web hosting provider would be dependent on having access to another database, which is not being backed up and managed along with your website.
I'm looking into using CloudBees for some application prototyping. I am using free accounts right now, I am not paying any subscriptions at the moment.
The first step for me is to create a MySQL database to host my application's data. I've done so (and it was pretty easy!). I also use Liquibase to manage the database (I've started this work using local H2 databases for the pre-prototyping), and I've been able to construct everything as expected.
As part of checking whether liquibase created the tables, I brought up the MySQL database in NetBeans. And, it did function well. But I can also see other schemas as well as the schema I just created. They're all innocently named (test, test_6hob). But, I can see the tables and view their data.
My question is around the visibility of the data that's in the CloudBees database. Is the database created for the free accounts viewable to other people connecting to the same machine? Does this change if I use a paid account? Or is it more the nature of how the database was created? I can see other schemas (and their data) but I have no idea if other people can see mine? Is there a permissions-aspect I need to ensure I set? I've fairly ignorant with the inner-workings of MySQL.
While this is a prototype, were I to move into using CloudBees for production applications, I wouldn't want the data to be visible to anyone who happened to connect to the same database as my application. It's entirely possible that I'm missing something in this new cloud world. :)
Thanks for any info
All CloudBees MySQL databases are secured separately (although will be in shared instances unless you have a dedicated server) - they are not readable by any other account by default.
However, it is possible for the database owner to grant access to users from other accounts on that same database server if you really wanted to - even though it makes very little sense to do so (and your special user configuration will be lost during a failover).
So this is what has happened for the test databases that you can see - the database owner has opened up security on those databases / tables.
This question is probably off topic but i'll bite anyway. The database data is private to your account. Actual hardware/vm's maybe shared but the data/database is not.
I am developing a web application in which a user can Create a table in data base. I am thinking on taking the attribute names and table description from user and put them into SQL query and execute it. But the drawback is that if this application is installed somewhere else all the db connection parameters have to be changed secondly it will be hard coded. Or is this the approach in software industry?
Another approach I can think of is taking all the information about creating a new table from user and inserting them into one table and have some kind of trigger on this table which creates a new table everytime when insertion is performed into the first table.What would be the SQL Script for such thing if my approach is correct?
I am using SPRING - MVC, Hibernate, MySQL, REST web service
Please correct me if I am thinking in wrong direction. TO be honest I am not clear on how I am going to do this.
Thanks
This is risky, since a database schema with a vague and ever-expanding schema will become difficult to manage. Your problem isn't how to manage the credentials, which you would have to handle securely whether users were creating tables or not. Your problem is why it seems necessary for users to create tables.
Are you building an interface to manage arbitrary databases? Maybe phpmyadmin would give your users everything they need.
Or are you doing something not quite so general purpose and open ended? Perhaps with a sufficiently rich table design, you can give the users what they want without requiring that they build their own tables. What information do users have to put in a table that it looks like they need to build their own?
If you are more specific with your objectives, we could be more helpful.
My program is intended for multiple projects (clients) use. I am working w/ PHP and Mysql.
For example, the implementation of the program for a client would include all the tables needed, and a list of users of that client.
Each implementation of the program (for separate and completely different clients) would make use of the same set of tables but separate. For example, there will be a userlist TABLE for client A, and one for client B. But they are not the same table.
Am I going to have a separate database (and as a result, initiate a new set of table for each new DB) for each implementation?
What do I have to lookout for I'm still early on in the programming phase, but would like to prepare for down the road. Still programming for the tables within one DB, but I don't want any surprise down the road.
I am currently hosted on a public hosting company.
You can create one master table where it will store the database name for each client and clients login crediential.
Once they login, according to their client ID, you need to select the database.
For new client registration, you need to create a copy of the database with their client name prefix.
Definitely go with multi tables. It will save you a lot of time in the future if you need to debug/update/delete a single client. Also, if client want a custom fix for something and you decide to make it, than you can hurt your other client's data. Also, you may be need different charset collation.