mysql, get superadmin password and user name - mysql

I need to work with a site where they don't remember the super admin password and user name. I can access to the database but with a no full access account.
If I have access to all the files in php my admin, can I get the password and the user name of the super admin?

This depends on how much access to the MySQL services on the server you can get. Try looking up "How to Reset MySQL Root password."

On top of what Tony Arnold said, you should be able to find the super admin pass within the MySQL database (of course depending on the database as stated above) this might help you:
https://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password%3F#Method_1:_configuration.php_file

Related

phpvms and mySQL password rest

I brought a virtual airline and for my security I would like to change the password on the myphpadmin and mySQL.
I am very new to this and I'm not sure where to find this and or do it.
any help is very welcome
Many Thanks
Your phpMyAdmin is protected by the MySQL authentication; so when you change your MySQL password it will also change for when you log in to phpMyAdmin. To do so, if you have the proper permissions, you'll see a link to "Change password" near the top of the "General settings" area of the main page. Note that in doing so, you will need to update the password in any other software that uses the same credentials, including phpMyAdmin only if you use the auth_type 'config'.
If you don't see the link, your user account doesn't have permission to change the password directly. Some web hosting providers do this (I'm not sure why) and in many of those cases, provide some external means to change your password (perhaps through their management interface). However, in those cases it depends specifically on your provider and you'd have to ask their support staff for further assistance.

Is it possible to password protect an individual database in MySQL

I am using MySQL workbench 6.2.3. I want limit user access to an individual database.When one trying to open a database after getting in a connection, he/she should enter user name and password. Is there any provision to grant access to a database after entering valid username and password?
There's no way to require an additional password for a user once he logged in. Control access via the normal MySQL login. The user name used for that can be configured to have only access to the objects you want. The used user name decides what is allowed and what is not.
For commercial MySQL editions you can also use the new MySQL Firewall, which allows only a set of previously learned queries to be run by a given user. It's not a second login, but you can fine tune access levels for a given user.
I am not sure if this is what you are trying to achieve but you can do the following to grant a user the access to a single database and all its tables.
You login as root with "mysql -u root"
Then execute : GRANT ALL PRIVILEGES ON SpecificUserDB.* To 'TheUser'#'yourserver' IDENTIFIED BY 'secretpwd';
Hope this helps.

WordPress/Digital Ocean mysql password reset (difficult scenario) I'm stumped

Before I start I'd like to state that I know very little about SQL so bear with me please.
I recently signed up for hosting with digital ocean, I make WordPress websites so I created a droplet and everything was in working order, had my blog running and everything... Last week I made some tweaks to my blog, one of them being the change of username and password. Im usually always logged into my admin panel but I restarted my PC and now I cant get into my admin panel (I've forgotten the username and password.) I tried every option available to me on http://codex.wordpress.org/Resetting_Your_Password (even the emergency.php) but to no avail. The usual password reset email is not working so I figure its because the host is running an ssh server and that causes some interference with the email system.. anyway the only option left that I haven't tried for password reset is the phpmyadmin option, now this is a whole new thing with digital ocean for me. They don't have a cpanel so everything is done via ssh; I was able to figure out the gist of it, and attempted to create a database - now here is where it got tricky... (Since my blog was already up and running shouldn't it already have a database?) Every time I try to create a new SQL username/pass it succeeds in doing so, but then when I attempt to use that password to login to my shell I get this error: ERROR 1045 (28000): Access denied for user 'root'#'localhost' (using password: YES)
It makes no sense to me because I've just created the username and password yet it does not let me login with it. I am honestly beyond confused and THE ONLY REASON I EVEN WANT TO ACCESS PHPmyadmin IS JUST SO I CAN VIEW MY USERNAME AND PASSWORD TO LOGIN TO MY WORDPRESS ADMIN PANEL.
If anyone has an alternative for me to retrieve my username (even just my username would be fine because then I could use the emergency.php option) or how to get into phpmyadmin I would greatly appreciate it!
Thank you so much for your time and efforts in advance, this is very difficult for me.
You didn't mention anything about granting permissions to your MySQL users. From Digital Ocean (https://www.digitalocean.com/community/articles/how-to-create-a-new-user-and-grant-permissions-in-mysql):
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'localhost';
Rather than trying to read your password, which is most likely encrypted, you should try to change it.
use mysql;
update user set password = password('new-password') where user = 'you';
From your question it looks like you might also be digging for a Wordpress password. I'm not as familiar with that, but I can at least give you some basic guidelines:
show databases (see a list of the databases. try to pick the one that seems logical)
use myWordpressSite;
show tables (see a list of all the tables in that database)
describe thisTableOfInterest; (will display the columns and field types)
select someColumn from thisTableOfInterest;
I hope that helps.

Moodle database - user permissions

Where in moodle 2.6.1 database (mysql) i can find info about user permissions ?
When user creates account he has permission (logged user), how to change via database that permission to student ?
Thanks for help , best regards
Oh the capabilities are complex.
I wouldn't change it via SQL - use the site admin instead to change permissions
http://docs.moodle.org/26/en/Override_permissions

Setting up application privileges in MySQL

Say you created a blog application, and it's data is stored in a MySQL database. In your application configuration you set the data source name to myBlog user root password whatever
Now, when users start using your blog to access, post to, and comment on threads, etc... I am assuming they connect as root through the application myblog ...
So... users connect to the application myBlog who in turn connects to MySQL as user root , using password whatever --- it's not really the users that are connecting to MySQL, it's the application. Correct?
Is there not a security issue with this approach? Should I create a new username in MySQL for the application myBlog with specific privileges and leave root only for administering the database?
yes, the application connects to the db. you should create a new mysql user for your application, do something like
CREATE DATABASE myblog_env;
CREATE USER 'myblogenv-user'#'%' IDENTIFIED BY 'your pw';
GRANT ALL PRIVILEGES ON myblog_env.* TO 'myblogenv-user'#'%' WITH GRANT OPTION;
something like the above should do it. The 'env' part of the above is for if you want to create a new db for difference environments, like dev, stage, prod, whatever....
this way your application user has complete access to its db, but no other dbs in the mysql instance.
First of all, you should NEVER use the root account of a mysql database for anything else then admin work.
Second of all, in theory yes the user of your blog would be the "root" in your mysql database, but hopefully there is a lot of sanatizing and cleaning up in your blogs code before any queries are executed...anything else would be know as an "sql inject"
You are exactly right. This is called the principle of least privilege. You should give the application the minimum access rights that it needs to complete the job. This would not be root.
The short answer is: Yes.
Long answer:
Security: You should have a different user for your application than you do for yourself as the administator. That application user should only have read (and write if necessary) privileges on the specific database it needs to access. Also, it should not have privilege-granting privileges, nor drop table privileges, nor database creation/dropping privileges, nor anything else that is reserved for you.
Convenience: If you ever need to change your password, you don't want to have to change your application, and vice versa.