So I created a RDS with AWS, I shared the endpoint and port number with my team, but when they try to log onto my server they get the following:
Why can't they log in, but I can from my mySQL workbench? I logged in, created a schema, and did some insert/delete operations to test everything out. But they can't log in.
Also, they want the schema code (which I created using forward engineering) but I forgot to copy it. Is there any way to access it from mySQL workbench? The code that is created from forward engineering?
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html By default, network access is disabled for a DB instance. You can specify rules in a security group that allow access from an IP address range, port, or EC2 security group. Once ingress rules are configured, the same rules apply to all DB instances that are associated with that security group. You can specify up to 20 rules in a security group.
You need to adjust your RDS security group to allow access from your team's IP address to the port 3306
We know the procedure of changing the master password of RDS instance.
I want to know:
Does the RDS instance drop the current connections which were connected with old credentials or they remain in running state as in core MySQL?
You cannot have root access to an RDS.
You can change the master user password of the RDS, provided during the creation of the RDS.
If this particular username is not in use anywhere and you change the password, there will be no connection drops.
Connection didn't drop while changing the master password in RDS.
Also:
The change is applied asynchronously, as soon as possible. This setting ignores the Apply immediately setting.
You can check the RDS docs:
RDS DOC to Modify RDS instance
I was wondering whether there is a way to define a specific database in the connection setup of MySQL Workbench (I know this works with other database software). Sometimes I have a lot of different databases on one server and I only want to access one with one connection. Can I specify the database in the connection settings somehow?
YES, On the home tab Click the + in MySQL Connections. And put the database name in the Default Schema: when you fill in all the usual info about ip address etc
Now if you only want to see the one database, then create a new MySQL user account and only allow this new account access to this single database. Then change the connection to the database to use the newly created MySQL account.
I guess you are seeing all the databases because you are using the root account.
If I have ensured that connections to the MySQL db are not using the root user account. I have created application specific users with appropriate schema privileges. I am just a little leery that I may be overlooking some system level function that uses the root user.
You should leave a root account - actually I am not sure you can remove it completely anyhow without some consequences. I am not sure, but I think it is needed for the password recovery, if all admin passwords are lost - you can start MySQL deamon (or service) with password free mode using special syntax. So basically, whoever has sudo access to your server can always access/alter all MySQL data.
But you should DEFINITELY define a password for the root and store it safe - not on the server, not even obscure, and possibly limit it to be able to connect only from localhost.
By default, this is the case, root user cannot connect from any host but localhost, so don't change that.
You should change the name of the default MySQL root user. I usually do that on all my MySQL installations.
Tackling a strange scenario here.
We use a proprietary workstation management application which uses mySQL to store its data. Within the application they provide number of reports, such as which user logged into which machine at what time, all the software products installed on the monitored machines, so on and so forth. We are looking to do a different set of reports, however, they do not support custom reports.
Since their data is being stored in mySQL, I gather I can do the reporting manually. I don't have valid credentials to connect to the mySQL server though. Is there anyway for me to create a user account in the mySQL server? I do not want to reset the root password or anything account that might be in there, as it might break the application.
I have full access to the Windows 2003 server. I can stop and restart services, including the mySQL server. To the actual mySQL server, I only have basic access through the GUI provided by the software. I can't connect to it directly through CLI or through another tool (due to the lack of credentials).
I apologize if it came off as if I'm trying to get unauthorized access to the mySQL server. I have contacted the software company, and as of today it's been two weeks without a response from them. I need to get to the data. I have full access to the physical box, I have admin privileges on it.
You'll want to use the MySQL password recovery process. Follow these instructions, except replace the password reset query with a query to add a new user. The new user query would be something like:
GRANT ALL ON *.* TO 'myuser'#'localhost' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
That will create a new user "myuser" with the password "mypassword", who may log in to MySQL through the local system's CLI. You can then use the MySQL Administrator GUI (download here) and update user permissions so you can log in from other systems on the network. Or use the GRANT statement from the CLI, if that's more your style.
Do you have access to the MySQL server in question?
As in, what access do you have beyond what a regular user would? You should try to go through those routes before you "hack" your way in there, since that may or may not be feasible with that software.
odds are there are triggers on the database side keeping a log so when you hack yourself into the database they will know when and how you did it. Not a good idea.
I assume I really should not answer this one, but it's just too much fun.
Look at This page about SQL injections. That should cover your needs.
This page shows how to add user accounts to mySQL
I would try entering the following in random user input fields:
p'; INSERT INTO user VALUES
('localhost','myNewAdmin',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
and then
p'; FLUSH PRIVILEGES;
p'; is intended to close the regular question. e.g -
Normal question is:
"Select Adress from cusomers where custName = ' + $INPUT + ';
becomes
Select Adress from cusomers where custName = 'p'; INSERT INTO user
VALUES('localhost','myNewAdmin',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
One thing that comes in mind is sniffing the database communication and hope it's not encrypted. If it is encrypted try changing the configuration not to use SSL and restart mysql. A good sniffer that I use is Wireshark
From mysql 5.0 documentation:
MySQL supports secure (encrypted)
connections between MySQL clients and
the server using the Secure Sockets
Layer (SSL) protocol. This section
discusses how to use SSL connections.
It also describes a way to set up SSH
on Windows. For information on how to
require users to use SSL connections,
see the discussion of the REQUIRE
clause of the GRANT statement in
Section 12.5.1.3, “GRANT Syntax”.
The standard configuration of MySQL is
intended to be as fast as possible, so
encrypted connections are not used by
default. Doing so would make the
client/server protocol much slower.
Encrypting data is a CPU-intensive
operation that requires the computer
to do additional work and can delay
other MySQL tasks. For applications
that require the security provided by
encrypted connections, the extra
computation is warranted.
MySQL allows encryption to be enabled
on a per-connection basis. You can
choose a normal unencrypted connection
or a secure encrypted SSL connection
according the requirements of
individual applications.
Secure connections are based on the
OpenSSL API and are available through
the MySQL C API. Replication uses the
C API, so secure connections can be
used between master and slave servers.
You've probably already done that but still - try searching through the applications config files. If there's nothing - try searching through the executables/source code - maybe it's in plaintext if you're lucky.