So I have created a mysql database hosted at db4free.net, and am able to access it easily from the command line or from java. My concern however, is I can only access it using my own username, password credentials. I tried to create user, but it appears I cannot as I get Access Denied. I'm assuming I don't have privileges to create users from this hosted database.
Now I want to include access to this online database in my application, but I don't know how without having major security issues. The only apparent way for another user to connect would be to include my own username, password credentials for the database but that is very unsafe.
Any ideas on how I can provide database access to users safely ?
From the front door page of the service you're using:
What db4free.net is not
db4free.net is a testing service which means it is not suitable for
production. There can be outages, data loss and security features do
not meet the standards which you expect from a professional data
hosting provider. If you need a MySQL database for production use,
please do not use db4free.net!
This seems pretty clear to me. Don't do what you're hoping to do!
Plus, it's not a good idea security-wise to open up a MySQL server to the public internet without using secured connections. Even then it's questionable. Somebody who reverse-engineers your app can pwn your database.
Related
I have written a program for a client that manages orders for his photography/souvenir business. However, I am trying to implement a DBMS for him so that he can do some analysis of the relevant trends over time.
The client's machine is a standalone Windows 8 PC.
I am attempting to use MySQL as he doesn't wish to purchase MS Access. However, he only wants it to be stored locally on the same machine he takes the orders on. How would I go about setting this up? I am new to database management so some detail would be really helpful!
You can follow MySQL's documentation to install. They have a GUI.
Once installed make sure to add a strong root password.
I would also create a database MyAwesomeNewDatabase specifically for your data. Then create a user for your application to use that is limited to just the database.
GRANT ALL PRIVILEGES ON MyAwesomeNewDatabase.* To 'user'#'localhost' IDENTIFIED BY 'password';
Then your application can use 'user' and 'password' to communicate. Specifying localhost means 'user' can only log in if on that machine, which you indicated is the case.
You indicated VB.net. You will need to install mysql-connector-net
Then in Visual Studio add reference to the dlls. Codeproject has a good tutorial on this.
You can always use DB at local computer. All you need to do is change the DB config done in your project. Change the address to localhost. I may be able to help more if i get the language you're working upon and the part of code where DB credentials are defined.
You can use Portable MySQL ,probably this Link help to you:
Designing Applications for Portability
You can always use DB at local computer Normally ...
sqlite is better for portable programming!
I'm well aware this has been asked lots of times before but none of the answers so far has been applicable for me or solved the problem.
I want to run SQL Queries from Python using MySQLdb
I get
OperationalError: (1130, "Host '77-172-143-12.ip.telfort.nl' is not
allowed to connect to this MySQL server")
This IP (77-172-143-12) is
for configuring my own router (at home)
I should create a new USER for this
but I don't have the privileges to CREATE USER...s
The Privileges tab is missing from PHPMyAdmin, also when I use Firefox and delete all cookies.
I can't log in
with root and a blank password: I got only one username/login from
my web hosting company when I registered my domain with them.
The
database is on a remote server which I don't manage myself and I seem
not to have any access to any MySQL config files.
How could this possibly be solved?
UPDATE
I understood from the answers that I can't solve this myself since my hosting provider doesn't allow it (by default anyway). I'll contact them to see whether they're willing and able to do something about it.
If somebody else has the same problem: as a workaround I'll keep using my Python routines on my local MySQL database. I'll then use the Wordpress export and import tools to transfer my (updated) local database to the remote server where my website is located. That's not too bad since it will also result in frequent backups of my articles.
It's normal that phpMyAdmin does not show you the Privileges (or Users in recent versions) tab, since you're not privileged.
Usually, on shared servers, hosting providers also use a shared MySQL server, thus they won't allow you root access.
They usually also allow MySQL access only from their web server and not from your home machine, as an additional security measure.
You need to add your hostname (see myip.nl) as a new host in DirectAdmin and then you can connect to the database on a remote server from a local application (Python in this case). See the screenshot below (sorry it's in Dutch!)
I want to ask for something in Database protection.
I have a Windows Application that will be deployed to different clients, while deploying i am creating a database on client machine.
The Question here is can i protect this database with password so, ONLY my application can access it.
The database engine may be Microsoft SQL Server or MySQL.
Thanks
I think you're asking this because want to prevent someone from knowing your data structures or internal data storage, but you cannot do that to a user with DBA privileges on SQL server or any other real database.
If you really want to hide that from your customers (which is not a good idea for me), you may evaluate installing it in a server which is also physically and logically under your control. Nowadays, a good solution for this may be hosting this server in the cloud, for example hosting your data in AZURE.
Hiding your database structures doesn't look professional to me.
You GRANT access to a MySQL database and/or table to a user with an optional password. When you want to access this database, you must provide the user and password.
But there's no automatic encryption. You might want to look at this question MySQL and data file encryption and it's answers.
For security related questions, you might also look into Security and Securing the Initial MySQL Accounts.
At first I searched in Stack Overflow about the difference between MySQL and SQLite. So there is some answers but still I want to know something. When accessing MySQL I need to give host, username, password and database parameters. But when accessing SQLite I just give database name. Can anyone explain me this why, and for security reasons also, should not be there password for SQLite database, can not be it just downloaded for example from server, so I am totally stuck. So need your help.
The difference is that MySQL is a database server, while SQLite is a database engine that works against single database files.
You are correct that the SQLite database file could just be downloaded if it's placed right in the web application where anyone can reach it.
Most server providers offer a folder where you can place files like this, so that the web application itself can reach it, but it's not directly downloadable.
You can also optionally add protection to the SQLite database file. See this question:
Password Protect a SQLite DB. Is it possible?
SQLite is mainly used for mobile and tablet apps.So they are just used for a single system.
But in MySql its a complete database and can be used from multiple system. So for increasing security ,we have to give all these. So that no one can misuse the data...
SQLite is just a file. If you have read access to the file that is the implicit security model (as well as the possibility to use database encryption).
MySQL is a network service. It can listen on an internet facing socket, meaning anyone in the world can access it if they have the right authentication credentials.
SQLite is file based, MySQL is a service which runs on the server. With SQLite you don't need to enter the database name, but actually the database file.
If you put the database file at an inaccessible location, you should be totally fine and the user will not be able to download the file.
I was wondering if the is a way or tool that will enable me to have access history/report to my MySQL database (I have no root/shell access on the server). I would like to be able to know when and what user accessed the database, and which table, if possible.
Thanks!
The mysql general query log is used for this but you need access to the server and database to enable it. Be aware, even with connections logged like this, if requests are made from scripts on the server, I ain't sure this will give you the ip as the request is made from localhost.