I brought a virtual airline and for my security I would like to change the password on the myphpadmin and mySQL.
I am very new to this and I'm not sure where to find this and or do it.
any help is very welcome
Many Thanks
Your phpMyAdmin is protected by the MySQL authentication; so when you change your MySQL password it will also change for when you log in to phpMyAdmin. To do so, if you have the proper permissions, you'll see a link to "Change password" near the top of the "General settings" area of the main page. Note that in doing so, you will need to update the password in any other software that uses the same credentials, including phpMyAdmin only if you use the auth_type 'config'.
If you don't see the link, your user account doesn't have permission to change the password directly. Some web hosting providers do this (I'm not sure why) and in many of those cases, provide some external means to change your password (perhaps through their management interface). However, in those cases it depends specifically on your provider and you'd have to ask their support staff for further assistance.
Related
I have a hosted MySql server with many databases each with many views. I access the server remotely from my office using HeidiSql.
Once in a while the IP address of my office changes. When this happens, I have to add the new office IP address to the server using cPanel and the "Remote MySql" tool so that I can remotely connect again.
However, all of the views have definer: USER#OLD_IP_ADDRESS. If I need to change a view, I get Access Denied. Up to now, I have been deleting the view (yes, i can delete the view) and recreating it, which makes the view's definer USER#NEW_IP_ADDRESS, and then I can edit the view -- until the Ip address changes again.
So, my question is: What is the best practice is an environment like this. Is there a way to define the views once and, without causing a security risk, be able to edit the views after an IP Address change.
Thanks for any guidance.
You could loosen the host in the MySQL user account a bit, according to the IP range of your internet provider. That way, you don't need to change it every time you get a slightly different IP:
user#123.456.789.%
user#123.456.%
This of course loosens the security in this account, but if your password is be a good one, it should not be too risky.
A better way is to make the MySQL server only accessible via SSH. In that case, your MySQL server can be set up using the --skip-networking option, as you always connecting from localhost. Your user account can be user#localhost or user#127.0.0.1, which then would solve your above mentioned problem for all times.
HeidiSQL also supports SSH tunneled MySQL connections, see here for some tutorial.
I run a localhost server for MySQL and PHP, in the phpMyAdmin I get the message on pink background:
"Your configuration file contains settings (root with no password) that correspond to the MySQL privileged default account.
Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a
password for user 'root'."
Can anybody please tell me about the risks?
Are there any?
Like what?
Best regards
By default say xampp use no password. Mamp uses password root by default. This wil do no harm if you only work locally. If you want to set a password anyway than look at the documentation depends on the software you are using.
I need to work with a site where they don't remember the super admin password and user name. I can access to the database but with a no full access account.
If I have access to all the files in php my admin, can I get the password and the user name of the super admin?
This depends on how much access to the MySQL services on the server you can get. Try looking up "How to Reset MySQL Root password."
On top of what Tony Arnold said, you should be able to find the super admin pass within the MySQL database (of course depending on the database as stated above) this might help you:
https://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password%3F#Method_1:_configuration.php_file
I just discovered that in the file
/etc/dbconfig-common/phpmyadmin.conf
My database admin password is written in clear-text with no encryption.
How can I change that? I noticed online that many people are happy with this. Although I noticed that only root can see the content of this file (its permission is 600), I still would prefer not having clear passwords.
What do you suggest?
If you require any additional information, please ask.
If you are just looking for a solution for phpmyadmin, you could change it to cookie based authentication. then create .htaccess file with db username and password where pasword is stored in encrypted password file. on first call of page you will have to login once with user and password and then a cookie is stored locally so on next call you are straight in again.
procedure also described here (but for windows):
http://robsnotebook.com/xampp-builtin-security
about creating htaccess user:
http://httpd.apache.org/docs/2.2/programs/htpasswd.html
I have access to the lesser account. I want the password to the All Privileges account. I've tried a few options but can't seem to get the password to reset.
Suggestions?
I'm also on Twitter asking for help... #BrentDPayne
Thanks,
Brent D. Payne
Sorry - if mySQL is properly set up, and you're on a restricted account, this is not possible. It would be a security hole if it were.
You probably need to speak to your hosting provider or the administrator of the database to reset the password.
Note: Before you do this, make your firewall block connections to MySQL from everyone except you.
To turn off password verification, restart MySQL with
--skip-grant-tables
and reset the password. Restart again without this option.