User has mysql permission for select only but phpMyAdmin allows edit - mysql

Why would a user with permission to only select be able to edit a record in phpMyAdmin? How can I prevent the edit?
This is the permissions screen:

If the user is able to edit and save the row in phpMyAdmin, it's because the rights at the MySQL level permit this action. Ultimately it's MySQL that controls what is possible, not phpMyAdmin. Note that it's a combination of username + hostname that applies, so maybe there is the same username with a different hostname that is defined. Also, there can be rights at the global, database, table and column levels.

Related

mysqlworkbench modify remote stored routines

I am using mysqlworkbench to connect to a remote mysql database using a user 'userA'. I am able to select from tables, see the list of functions and stored procedures. I am not able to view/see the code of these functions and stored procedures. Is this because they are defined on the mysql server by user 'root#localhost'? How can I get the user 'usera' to edit view and edit these using mysqlqorkbench?
I assume you have MySQL Workbench.
Just log in with the root user. Go to the Menu "Server->User and Privileges". There you'll see all the users in the left panel. Select 'userA' and then select 'Schema Privileges' from the tab right. Now select the schema on which you want to grant the rights. At the bottom you can see possible rights that can be assigned to the user. Select appropriate rights and Save.
I have MySQL Workbench 6.2.5.0. If you have a different version, please locate the User and Privileges accordingly. Hope that helps!

Is it possible to password protect an individual database in MySQL

I am using MySQL workbench 6.2.3. I want limit user access to an individual database.When one trying to open a database after getting in a connection, he/she should enter user name and password. Is there any provision to grant access to a database after entering valid username and password?
There's no way to require an additional password for a user once he logged in. Control access via the normal MySQL login. The user name used for that can be configured to have only access to the objects you want. The used user name decides what is allowed and what is not.
For commercial MySQL editions you can also use the new MySQL Firewall, which allows only a set of previously learned queries to be run by a given user. It's not a second login, but you can fine tune access levels for a given user.
I am not sure if this is what you are trying to achieve but you can do the following to grant a user the access to a single database and all its tables.
You login as root with "mysql -u root"
Then execute : GRANT ALL PRIVILEGES ON SpecificUserDB.* To 'TheUser'#'yourserver' IDENTIFIED BY 'secretpwd';
Hope this helps.

Getting password from CPANEL using phpmyadmin

Good Day
I am a front-end developer, and I know little from MySQL and databases.
I have a Wordpress MySQL database in CPanel. Now I forgot my password, and the password for my user as seen in phpmyadmin is hashed/encrypted.
How do I get the password?
NOTE: I do not have access to the Server since this is a website on a shared hosting account, so doing the following is not possible for me:
See this post on Stack
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
If your website is working you can probably find the mysql user/password
in the config.php file in your wordpress filesystem.
Otherwise:
Your best option is probably to add a user to the database and give it the needed privileges, to do that:
Click MySQL databases.
Create new user.
Assign new user to your database.
Edit config.php on your wordpress filesystem and change to the new username.
This is sub optimal, but will work.
There is a simple way for you to gain access to your WordPress user info if you don't know the password. I'm assuming you are talking about a WordPress user password retrieval. You need to have access and edit privileges to your database to do this.
-Open up phpMyAdmin or however you prefer to access database tables
-Select your database
-Open the table wp_users
-Under the column 'user_login' you will need to find which entry you want to access. Your username should be in one of the row entries.
-Once found, there will be a 'user_pass' column as well. Now some explaining needs to happen. You cannot retrieve your password without hacking/brute forcing that encryption. These are MD5 hash encrypted passwords. What we are going to do is just simply create a new password here. All you have to do is Google "MD5 Hash generator". I tested this on the first result I found and it worked.
-Once you find a website with a generator just simply type in your password and then retrieve the hash that's given to you. For example I typed in 'password' and I receive '5f4dcc3b5aa765d61d8327deb882cf99' Now we have a new encrypted password to set. If you are worried about sites saving your password entries or hashes just make up a password as a temporary fix. Then you can just login with that and change the password via the WordPress Dashboard later.
-Select the row that your username is in. Click Change/Edit then just copy and paste the entire MD5 Hash into the wp_pass column.(Overwrite the old password btw.) Save/Go/Execute to make sure the table was re-written. In this example I would be pasting '5f4dcc3b5aa765d61d8327deb882cf99' into the column without quotes of course.
-Please be sure to only change the 'wp_pass' entry and to make sure it's corresponding to the correct username.(On the same row)
-Now you should be able to login with your new password.('password')

create host table in mysql for user access with phpmyadmin

I am trying to create a host table in phpMyAdmin for user access and while there is this option below, I cannot find this table to add hosts nor any instructions to create one.
Am I missing something?
Field: Use Host Table
Description: When host table is used, this field is ignored and values stored in Host table are used instead.
Thank you in advance
As of MySQL 5.6.7 the host table is no longer included in the installation of MySQL.
https://dev.mysql.com/doc/refman/5.6/en/grant-tables.html
It used to be that you could use the host table (located at mysql.host) to define allowed hosts for a specific database. It worked something like this:
A user would try to do something (let's say INSERT).
The server would look in the mysql.user table to see if the user had global INSERT privileges.
If the user didn't have global INSERT privileges the server would then look in the mysql.db table to see if the user had DB specific privileges.
If the user had DB specific privileges and the mysql.db.Host field was empty the server would look in the mysql.host table for any hosts that matched the Db field of the mysql.db.Db field.
Assuming it found a match it would allow the INSERT.
If you want to have multiple hosts for a given user read the following:
http://dev.mysql.com/doc/refman/5.6/en/account-names.html
Since a MySQL username is actually 'name'#'host' you could always add multiple users with the same name but different hosts and give them the same privileges.
Why does phpmyadmin still include this feature?
I can only assume that it is for legacy support.

phpmyadmin multiple accounts for one database

I was wondering if it was possible to have 1 database, but multiple logins (so that when a developer leaves, we don't have to change the entire db password and all instances of it).
If that's possible, how would I do it? (I have NO experience with phpmyadmin aside from code related queries, I'm doing research for a friend who would be able to implement it)
Thanks in advanced!
phpMyAdmin has a simple way of creating new SQL users. From the home screen, click on the database in the left column for which you want to add a new user. Click on the Privileges tab. At the bottom, there is a command labeled, "Add new user"; click that. Type in the username and password that you want to assign to the account. To restrict the user to that database, select "Grant all privileges on database."
Note: I'm using phpMyAdmin 3.4.7.1.
Yes that is possible. If you are using localhost, just login and create a new user and give the privileges for the database.
http://wiki.phpmyadmin.net/pma/user_management#Creating_a_new_user
If you are hosted server on Linux, there is an option to create new users and and assign to the databases with different privileges.
Yes, it's quite simple. PhpMyAdmin validates logins against MySQL's user permissions list. Simply create multiple MySQL users with full privileges on the DB in question and give each admin their own user.
It's easy to set this up from directly inside PhpMyAdmin. Just log in as a high-privilege user and click the "Privileges" tab. Then "Add New User" and specify the username, the host (generally localhost), a password and then create the user (with no privileges checked). Once the user is created, go back to the user list on the Privileges tab and click the edit button next to your new user. Then, under "Database-specific privileges", select the database you'd like to grant privileges... then just select all the rights you want to give this user and click "Go". This new MySQL user and password can now be issued to an admin so he/she can log into PhpMyAdmin, and it revoked at any time in the future.