I have an (old) ejabberd instance that still uses 'internal' as authentication method. I installed a shiny new server (including MySQL) and am planning to migrate to it ASAP. I would like to avoid using Mnesia as authentication DB from then on.
Since my users' passwords are still stored in the Mnesia-database, I need to import them into the (new) MySQL DB on the new server. I succeeded in dumping the 'passwd' table and it is filled with entries like this one:
{passwd,{<<"flowie">>,<<"server.com">>},
{scram,<<"pHHeHwc5yaarPAshse7Ijuygtre=">>,
<<"4Qiv9ygiMLlzeZXUG6Bpyhygtgr=">>,
<<"dylctQFXYGXemMii1Pswe==">>,4096}}
To be able to correctly import these entries into the MySQL DB I need to figure out which field corresponds to which in the MySQL 'users' table:
+----------------+--------------+------+-----+-------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+----------------+--------------+------+-----+-------------------+-------+
| username | varchar(191) | NO | PRI | NULL | |
| password | text | NO | | NULL | |
| serverkey | varchar(64) | NO | | | |
| salt | varchar(64) | NO | | | |
| iterationcount | int(11) | NO | | 0 | |
| created_at | timestamp | NO | | CURRENT_TIMESTAMP | |
+----------------+--------------+------+-----+-------------------+-------+
6 rows in set (0.00 sec)
I obviously know what the 'username' field is (and I think I can guess what the 'iterationcount' would be), but I want to make sure I get the others in the right order.
In one phrase: in what order are the 'password', 'serverkey' and 'salt' fields stored in an ejabberd Mnesia DB? Where can I find info about this? In the code perhaps?
Note for the aspiring hackers among you: I did change the values, using a random character generator ;)
I configured ejabberd 18.03 with the option
auth_password_format: scram
and created an account. Its authentication information is stored like this in Mnesia:
{passwd,{<<"user1">>,<<"localhost">>},
{scram,<<"Eu9adR8M5NPIBoVKK917UKJQTtE=">>,
<<"0mRs0DKWvb8C0/fcVmTRP2elKOA=">>,
<<"UclT113AyXYlUAZgv3q0vA==">>,4096}}
Later I exported Mnesia to a SQL file using the command:
ejabberdctl export2sql localhost /tmp/localhost.sql
and the resulting file contains this line:
INSERT INTO users(username, password, serverkey, salt, iterationcount)
VALUES ('user1',
'Eu9adR8M5NPIBoVKK917UKJQTtE=',
'0mRs0DKWvb8C0/fcVmTRP2elKOA=',
'UclT113AyXYlUAZgv3q0vA==', 4096);
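A way to confirm the column order independently of `export2sql`, as an added example that is not part of the original answer or of ejabberd's code: create a throwaway account with a known password, then recompute the SCRAM-SHA-1 values from RFC 5802 and see which blob matches which. The account name, password and salt below are constructed, and the password is assumed to be ASCII so that SASLprep changes nothing.

```python
import base64
import hashlib
import hmac
import re

# Matches one scram entry of the Mnesia 'passwd' dump format shown in the question.
ENTRY = re.compile(
    r'\{passwd,\{<<"([^"]+)">>,<<"([^"]+)">>\},\s*'
    r'\{scram,<<"([^"]+)">>,\s*<<"([^"]+)">>,\s*<<"([^"]+)">>,(\d+)\}\}')

def parse_entries(text):
    """Return [(user, host, [blob1, blob2, blob3], iterations)]; non-scram entries are skipped."""
    return [(u, h, [a, b, c], int(n)) for u, h, a, b, c, n in ENTRY.findall(text)]

def scram_sha1_keys(password, salt, iterations):
    """StoredKey and ServerKey as defined by RFC 5802 for SCRAM-SHA-1."""
    # Assumption: ASCII password, so SASLprep normalisation is a no-op.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return hashlib.sha1(client_key).digest(), server_key

def label_fields(password, blobs_b64, iterations):
    """Name each blob by the SQL column it belongs in, or return None if nothing fits."""
    blobs = [base64.b64decode(x) for x in blobs_b64]
    for s, salt in enumerate(blobs):  # try each blob in turn as the salt
        stored, server = scram_sha1_keys(password, salt, iterations)
        roles = {s: "salt"}
        for i, blob in enumerate(blobs):
            if i != s and hmac.compare_digest(blob, stored):
                roles[i] = "password"   # the 'password' column holds StoredKey
            elif i != s and hmac.compare_digest(blob, server):
                roles[i] = "serverkey"
        if len(roles) == 3:
            return [roles[i] for i in range(3)]
    return None

def constructed_entry(password="test-only-pw", iterations=4096):
    """Constructed sample: a throwaway account rendered like a dump entry."""
    salt = bytes(range(16))
    stored, server = scram_sha1_keys(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return ('{passwd,{<<"probe">>,<<"example.test">>},\n {scram,<<"%s">>,\n <<"%s">>,\n <<"%s">>,%d}}'
            % (b64(stored), b64(server), b64(salt), iterations))

if __name__ == "__main__":
    for user, host, blobs, n in parse_entries(constructed_entry()):
        print(user, host, label_fields("test-only-pw", blobs, n))
```

Run against a real dump entry of the throwaway account, a result of `None` means the password is wrong or the entry is not SCRAM-SHA-1.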
The following steps were followed to enable MySQL encryption.
MySQL version 5.7 is installed on the Apache server, so by default keyring_file.so is available at the following path: /usr/lib64/mysql/plugin/keyring_file.
In /etc/my.cnf the 2 lines below are added and MySQL is restarted.
early-plugin-load=keyring_file.so
keyring_file_data=/var/lib/mysql-keyring/keyring
When the query below is executed to check whether the keyring plugin is active, it reports it as active:
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'keyring%';
+--------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+--------------+---------------+
| keyring_file | ACTIVE |
+--------------+---------------+
Encryption is enabled at table level (on table author of DB testDB). It can be checked using the query below:
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE CREATE_OPTIONS LIKE '%ENCRYPTION%';
+--------------+------------+----------------+
| TABLE_SCHEMA | TABLE_NAME | CREATE_OPTIONS |
+--------------+------------+----------------+
| testDB | author | ENCRYPTION="Y" |
+--------------+------------+----------------+
Data is inserted in the author table as "plain text", even though the table is encrypted.
select * from author;
+------+----------+-------------+
| id | name | email |
+------+----------+-------------+
| 1 | PQR | xuz#abc.com |
| 1 | XYZ | abc#abc.com |
| 1 | SSSS | xyz#abc.com |
| 1 | dfdfdf | prq#abc.com |
+------+----------+-------------+
What needs to be done to enable encryption on a MySQL table?
What you enabled was InnoDB data-at-rest encryption, which is a transparent encryption technique, meaning authenticated and authorised users will not even notice it. As the MySQL FAQ says on decryption:
InnoDB data-at-rest encryption is designed to transparently apply encryption within the database without impacting existing applications. Returning data in encrypted format would break most existing applications. InnoDB data-at-rest encryption provides the benefit of encryption without the overhead associated with traditional database encryption solutions, which would typically require expensive and substantial changes to applications, database triggers, and views.
USE mysql;
DROP PROCEDURE IF EXISTS ShowUsers;
DELIMITER $
CREATE PROCEDURE `ShowUsers`(IN KnownUsers varchar(500), IN KnownHosts varchar(500))
BEGIN
SELECT
user,host
FROM
user
WHERE
NOT FIND_IN_SET(host, KnownHosts)
AND
NOT FIND_IN_SET(user, KnownUsers)
ORDER BY user, host ASC;
END $
DELIMITER ;
Example complete data to work with:
+-------------+-------------+
| user | host |
+-------------+-------------+
| knownuser1 | 192.168.1.5 |
| knownuser2 | 192.168.1.5 |
| unknownuser | 192.168.1.5 | # I want this result to show
| someuser1 | 192.168.1.6 |
| someuser2 | 192.168.1.6 |
| someuser3 | 192.168.1.6 |
| root | localhost |
+-------------+-------------+
I have marked the result I would want to show from running the procedure. Basically, the two IN parameters are known users and known hosts, those that should have a user record on this database.
Calling the function like this
# users and hostnames(ips) to match for exclusion from results.
SET @Usernames = 'knownuser1,knownuser2';
SET @Hostnames = '192.168.1.5';
CALL ShowUsers(@Usernames, @Hostnames);
Expected Result:
+-------------+-------------+
| user | host |
+-------------+-------------+
| unknownuser | 192.168.1.5 | # I want this result to show
| someuser1 | 192.168.1.6 |
| someuser2 | 192.168.1.6 |
| someuser3 | 192.168.1.6 |
| root | localhost |
+-------------+-------------+
Actual Result:
+-------------+-------------+
| user | host |
+-------------+-------------+
| someuser1 | 192.168.1.6 |
| someuser2 | 192.168.1.6 |
| someuser3 | 192.168.1.6 |
| root | localhost |
+-------------+-------------+
Explanation (off this topic, but I think I should clarify): the reason I want this procedure to work is that I have a master server with multiple remote slaves. The slaves need to have access to the master's database, which means they also have to have "root" access; they can create/reconfigure their own access credentials. The problem with this is that if one of those servers were ever compromised, it would leave open the chance to have a new user added with credentials to basically all of the database. Wide open and free to take.
I could lock the slaves out after initial configuration and manually open up the door, run an update and then lock it again, which would be pretty laborious for the application and make the application virtually useless.
The idea I'm going with right now is to run this procedure via a cron-run script, check for unknown users/hosts, and lock that slave server out of the database until I accept or reject the user from the main application.
The condition in the WHERE clause is:
NOT FIND_IN_SET(host, KnownHosts) AND NOT FIND_IN_SET(user, KnownUsers)
which is equivalent to:
NOT (FIND_IN_SET(host, KnownHosts) OR FIND_IN_SET(user, KnownUsers))
which means that you want to exclude the rows for which:
host is included in KnownHosts or user is included in KnownUsers.
So for your sample data, the row:
unknownuser | 192.168.1.5
will not be returned, because host = '192.168.1.5' and it is included in KnownHosts (= '192.168.1.5').
Maybe change the logical operator to OR, if this is the logic that you want to apply:
NOT FIND_IN_SET(host, KnownHosts) OR NOT FIND_IN_SET(user, KnownUsers)
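The two predicates run over the question's sample rows, as an added example that is not part of the original answer. `find_in_set` is a small Python model of MySQL's `FIND_IN_SET` for non-NULL arguments, and `unknown_pairs` goes beyond the page: it is an assumed stricter variant that allowlists exact user/host pairs, shown on constructed rows.

```python
# Rows from the question's sample table, as (user, host).
ROWS = [
    ("knownuser1", "192.168.1.5"), ("knownuser2", "192.168.1.5"),
    ("unknownuser", "192.168.1.5"), ("someuser1", "192.168.1.6"),
    ("someuser2", "192.168.1.6"), ("someuser3", "192.168.1.6"),
    ("root", "localhost"),
]

def find_in_set(needle, csv):
    """Model of FIND_IN_SET: 1-based position in the comma list, 0 if absent."""
    items = csv.split(",") if csv else []
    return items.index(needle) + 1 if needle in items else 0

def show_users(rows, known_users, known_hosts, operator):
    """Rows kept by the WHERE clause with AND (original) or OR (suggested)."""
    if operator not in ("AND", "OR"):
        raise ValueError("operator must be 'AND' or 'OR'")
    combine = all if operator == "AND" else any
    return [(user, host) for user, host in rows
            if combine([not find_in_set(host, known_hosts),
                        not find_in_set(user, known_users)])]

def unknown_pairs(rows, known_pairs):
    """Assumed stricter variant: report every row that is not an allowlisted pair."""
    return [row for row in rows if row not in known_pairs]

def pair_gap_demo():
    """Constructed case: user and host are each known, the combination is not."""
    known = {("knownuser1", "192.168.1.5"), ("someuser1", "192.168.1.6")}
    rows = sorted(known) + [("someuser1", "192.168.1.5")]
    by_or = show_users(rows, "knownuser1,someuser1", "192.168.1.5,192.168.1.6", "OR")
    return by_or, unknown_pairs(rows, known)

if __name__ == "__main__":
    users, hosts = "knownuser1,knownuser2", "192.168.1.5"
    print("AND:", show_users(ROWS, users, hosts, "AND"))
    print("OR: ", show_users(ROWS, users, hosts, "OR"))
    print("pair gap:", pair_gap_demo())
```

With independent user and host lists, a known user name appearing on a different known host is not reported by either operator; the pair allowlist reports it.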
I have two different databases (MySQL) named
DatabaseOne
DatabaseTwo
Both DBs have one table
DatabaseOne
DBOneTableOne
DatabaseTwo
DBTwoTableOne
Hopefully the structure of both tables is the same, because the DatabaseOne structure was designed using the XAMPP phpMyAdmin panel, whereas the DatabaseTwo structure was designed by writing the Hibernate classes first and then using the Hibernate create-schema tool (hbm2ddl).
Structure of database:-
**DBOneTableOne**
Field | Type | Null | Key | Default | Extra
Id | int(11) | No | PK | | auto_inc
name | varchar(25) | No | | |
**DBTwoTableOne**
Field | Type | Null | Key | Default | Extra
Id | int(11) | No | PK | | auto_inc
name | varchar(25) | No | | |
I know one option is to cross-check the database structure manually, but it's time-consuming, and I also need to check more than 200 tables, and I don't want to use the Hibernate reverse engineering wizard.
Is it possible to check that both DB table structures are the same using a query? Or do I need to use some other third-party software?
Referencing a previous question, it doesn't seem possible to easily autogenerate a UML or ERD graph. How can this be done? Even the detail which describe fudforum.*; provides would do the trick, except that you can't use a wildcard.
Something like mysqldump -d -u <username> -p<password> -h <hostname> <dbname> but more readable?
It looks like devart doesn't run on Linux, but I'm looking into that.
mysql:
mysql>
mysql> describe fudforum.fud30_xmlagg;
+----------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------------+--------------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | varchar(255) | NO | | | |
| url | varchar(255) | NO | | | |
| forum_id | int(11) | NO | MUL | 0 | |
| xmlagg_opt | int(11) | NO | | 2 | |
| last_load_date | bigint(20) | NO | | 0 | |
| custom_sig | text | YES | | NULL | |
+----------------+--------------+------+-----+---------+----------------+
7 rows in set (0.04 sec)
mysql>
mysql> quit;
Bye
thufir#dur:~$
MySQL Workbench can reverse engineer and create ERDs
http://www.mysql.com/products/workbench/
I've tried many times to get MySQL Workbench to auto-generate an ERD with relationship lines but was always left frustrated. Most of the databases I was working with used MyISAM tables without defined foreign keys. That seemed to prevent Workbench from generating the relationships I wanted, or I just couldn't understand how to make it work. I tried many other solutions as well, but again never found the easy solution I was looking for until I stumbled on this blog post at mysqlworkbench.org.
MySQL Workbench Plugin: Auto-Create Foreign Keys
The post is a full explanation of how to get Workbench to search all of your tables for candidate foreign keys in other tables. It even shows how to get a working GUI for it. The best part is that the article links to a Python script that can be installed in Workbench as a plugin, so it's all handled for you.
Once the plugin is installed you run it and give it a pattern to use for testing whether keys match. It then gives you a list of the keys it thinks match which you can select if you agree. Then you click a button and it generates the ERD for you with all the relationship lines in place. Hallelujah!
Many thanks to akojima at MySQL Workbench. Now if only I could take the Delorean back four years and find this when it was published in 2010.
There is a tutorial on how to convert Oracle 10G to UML using Eclipse and the Dali plugin.
You can just swap Oracle with your database sql connector inside Dali and it would do the job.
mysqlshow command:
mysqlshow fudforum
I am saving a serialized object to a MySQL database blob.
After inserting some test objects and then trying to view the table, I am presented with lots of garbage and "PuTTYPuTTY" several times.
I believe this has something to do with character encoding and the blob containing strange characters.
I just want to check whether this is going to cause problems with my database, or whether this is just a problem with PuTTY showing the data.
Description of the QuizTable:
+-------------+-------------+-------------------+------+-----+---------+----------------+---------------------------------+-------------------------------------------------------------------------------------------------------------------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+-------------+-------------+-------------------+------+-----+---------+----------------+---------------------------------+-------------------------------------------------------------------------------------------------------------------+
| classId | varchar(20) | latin1_swedish_ci | NO | | NULL | | select,insert,update,references | FK related to the ClassTable. This way each Class in the ClassTable is associated with its quiz in the QuizTable. |
| quizId | int(11) | NULL | NO | PRI | NULL | auto_increment | select,insert,update,references | This is the quiz number associated with the quiz. |
| quizObject | blob | NULL | NO | | NULL | | select,insert,update,references | This is the actual quiz object. |
| quizEnabled | tinyint(1) | NULL | NO | | NULL | | select,insert,update,references | |
+-------------+-------------+-------------------+------+-----+---------+----------------+---------------------------------+-------------------------------------------------------------------------------------------------------------------+
What I see when I try to view the table contents:
select * from QuizTable;
questionTextq ~ xp sq ~ w
t q1a1t q1a2xt 1t q1sq ~ sq ~ w
t q2a1t q2a2t q2a3xt 2t q2xt test3 | 1 |
+-------------+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+
3 rows in set (0.00 sec)
I believe you can use the hex function on blobs as well as strings. You can run a query like this.
Select HEX(quizObject) From QuizTable Where....
PuTTY is reacting to what it thinks are terminal control character strings in your output stream. These strings allow the remote host to change something about the local terminal without redrawing the entire screen, such as setting the title, positioning the cursor, clearing the screen, etc.
It just so happens that when trying to 'display' something encoded like this, a lot of binary data ends up sending these characters.
You'll get this reaction catting binary files as well.
blob will completely ignore any character encoding settings you have. It's really intended for storing binary objects like images or zip files.
If this field will only contain text, I'd suggest using a text field.