I have a database that I have created for a friend of a mine that he would like to store his data and work directly from on a daily basis. Recently I came across ExcelforMySQL and thought this would be a perfect AddIn for him to use.
I have successfully linked the AddIn to the database (Xampp Local connection) and this loads up fine but when I move the database onto a webserver that I have with ionos(1and1) and enter the Host Details along with the Username and Password, I get the following error:
Connection attempt failed.
Unable to connect to any of the specified MySQL hosts.
When I click Show Details:
All it says is One or more errors occurred.
Would really appreciate it, if somebody could advise on how to fix this, as I really want to be able to work live on the data and update the changes from the user directly in Excel if possible and this addin looks like it does that.
If anyone has any other suggestions then I am happy to hear them as not fussed as what is used as long as it works.
Thanks
I had a similar problem to yourself with a number of my own sites/DB's hosted on Ionos. After a bit of searching through their help they state that access from outside your Ionos package is not possible. Unfortunately we're stuck with their hosted version of PHP My Admin in the control panel.
Although I have found that MySQL-front works great and bypasses the Ionos restrictions. Google is your friend...
Maybe a bit late for you but for others who come across this question as I said google is your friend...
I am in charge for migrating old Access 2007 project to MS SQL server 2008 Express. The first stage is to move all the data from MS Access database to SQL server while keeping the Access forms and reports at the client.
So, the data are now moved, an SQL server user (for accessing only that particular database) created, and the tables are linked the Access database via ODBC connection. However, there's one nuisance that should be somehow solved: the Access regularly asks for the user password, when opening the Access database.
The users on server PC and client PC both log onto their local machines, ie their users are not verified on independent domain server.
I see there are several ways how to solve this:
1) Configure the integrated security model so that the user can log on, being automatically authorized by his Windows login (ie, use "trusted connection"). I am not sure how this could be done, given that the server PC does not recognize the user from client PC. If I try to do this now, I get error that the user is connecting from untrusted domain.
2) Store the SQL server user password at client side. I am not sure this is possible, though. I am aware keeping password in some config file, or stored obfuscated in application configuration should be considered lowering security, but this is acceptable for the given setup.
3) Perhaps some other way how to link the SQL server tables into Access?
The best solution is obviously to use Windows security.
If that is not suitable, here is a possible alternative trick, exploiting the fact that Access remembers all opened connections until the program is closed:
copy the connect string of one of your tables
create a passthru queries "ptqConnect" and enter any fast SQL statement in it, like SELECT 1
paste the connect string of into the PTQ Connect property, and make sure you add the PWD=something; in it.
in the startup procedure of your app make sure you call that PTQ. Something like DCount("*", "ptqConnect") will do.
That's it. Since Access remembers opened connections until you close it, even if you close the db, your other tables will now open without any fuss, even if no password is stored in the linked tables Connect string.
If you don't want to expose the connection string that includes the PWD, you could as well initiate a connection from VBA and hide the code by delivering a MDE or just password protecting the code.
You can find an explanation of this behaviour here.
Inform the users your organization's security policy prohibits storing passwords. Therefore they must provide their password each time they open the database. Explain that this policy will deny an unauthorized user the ability to open the database from an authorized user's machine. If the password were stored in any fashion, a miscreant could simply sit down at an unattended machine and open the database.
Since you can't use a trusted connection, this is the safest way to do it. Yes, the users will have to supply their password each time they open the database, but that's what it takes to keep the data safe.
Edit: Since your option #2 is acceptable, you can just store the uid and pwd in the connection strings for the ODBC-linked tables.
Here is an example copied from connectionstrings.com
Driver={SQL Server Native Client 10.0};
Server=myServerAddress;
Database=myDataBase;
Uid=myUsername;Pwd=myPassword;
I split the single line string for browser display. You'll need to also identify which table each of the links points to; examine your current link connection strings to see how that is done.
The uid and pwd will be plain text, and visible to anyone who can view the connection properties. But I didn't see any indication those are concerns for you.
I have had this issue, with Access 2010, linking to SQL Azure, but it was very simple. When linking the tables, there is an tick box option with each table to save the password.
Relinking your tables and checking this option would sort the issue. It does give you warnings that this may not be secure, but not all databases contain confidential data.
Just ran into this problem connecting remotely to my workplace sql server using Access. I have Access 2013, but I don't think it has made any changes to something so basic as as ODBC connection from 2010. Since it is not a trusted connection, yes, you will have to log into the server each time you connect to the database. This is just basic security; can't think why you would ever want an app to just connect from an untrusted network unchallenged. So, I expect to have to log in when opening the database.
What was driving me crazy, however, was that each and every time I tried to open a table, I was asked for the password, and not just once, but twice, and I have to use a 13 character password that was randomly generated at creation! So, needless to say, that was completely unacceptable.
Access keeps the connection information in the sys table MSysOBjects, but I doesn't store the password, at least not there. I use an access DB stored on a cloud server synced with my desktops so I can open a local copy rather than having to remote in to my work desktop. It's much faster this way.
But, using the db in Access as a local file means that I have keep a close eye on the DSN connection names. As long as they are absolutely identical on all computers, it works great. So, if named my DSN "ProductsDBIII" when I created it at work in the ODBC32 Windows tool, then I need to use that same name when creating it at home. The actual connection string will be different, but Access doesn't care about that. However, here's the trick: when I first the DB from home, for instance, after a day at work, then I have to refresh the connections in Access's Linked Table Manager. Just check the tables/views you need, or "Check All", and go. Access will make the connection--probably prompting you for the log in--and then quickly refresh the "connect" string field in the MSysObjects table because they will be different, at least if switching from trusted access.
Voila, no more single or double challenges every frickin' time I open a table. I will get asked once when I first make a connection the first time I open a table from the remote DB, but that's it.
Hope this helps someone.
Jim
Re the use of Passthrough QAuery to set ODBC connection.
The form quoted as the startup form in the Database options will fire BEFORE autoexec.
So that form cannot/should not quote linked tables,
or
Leave that none; and set the form in autoexec.
Otherwise you will still be prompted for pwd for the ODBC connection
A typical problem scenario is using a Switchboard form with the table in the linked database
Some of our ColdFusion sites are having the words "coupon" inserted into their footer with a link to another site. Is there anything I can do to prevent this? Is there any software I can run to help detect any vulnerabilities? It doesn't seem to be SQL injection as the databases seem fine and nothing unusual is showing up in the logs.
There are several variations of attacks that produce this sort of result (appending a link to some malicious or nefarious site). For example, this one (Script Injection) uses the latency between a file upload and checking to insert executable code on your server.
Other attack vectors include FTP (which is why you should not use it), or other file transfer protocols. In your case the infected machine may not be the server. It could be a client machine with access to the server - a developer who has set up FTP to the server for example.
Let me know if you need formal help - we have a good track record fixing this sort of thing. If you get more clues post them and I'll try to help. I will warn you that if this is a server infectionit is at the root level and is so pervasive your only option is to start with a pristine install and reinstall your code. Bad news I know - sorry :(
We had something similar happen when one of our servers was hit by the hack Charlie Arehart describes here:
http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat
Have you had these patches?
Another option that I would recommend is searching your site(s) for any use of the <cffile> tag that isn't expected. I had a customer that somehow got a single file that was a backdoor to their site. It was particularly dangerous because it could upload files to any location on the server as well as execute any SQL command against any datasource on the server. In other words, this single file opened the door to all of the sites and databases that were running on that server.
This backdoor file (which was named vision.cfm) was often used to update footers with links to coupon and spam sites. vision.cfm was only 210 lines of code.
The entire server had to be sanitized after this was discovered.
Is POST method inherently "secure" and if not, can it be easily made secure or should I use a different protocol entirely?
Please back your statements up with explanation or reference unless they are simply opinion.
The system:
.NET program collecting data with a QR scanner
a web server running CentOS 6
a database on the server to store scans in tables based on QR type.
not all QR types are known now so a new table is created when a new QR type is to be sent.
data needs to get from QR scanner to database as quickly as possible but assume connection is unreliable (think cell phone tethering)
Feel free to comment on my (incorrect?) assumptions about the validity of these other methods I've discounted.
opening a port for MySQL and pushing data in directly - makes IT people panic even if the user has very restricted privileges although I don't see how it's insecure. (also see comments on ssh + MySQL)
using ssh tunnel to insert to MySQL - it's quite conceivable that the database structure will change in the future and I want all the MySQL work done server side so it's easy to modify.
making my own listener on a port on the server and defining my own protocol - seemed daunting at first glance. I know C++/C/Python/PHP so I could do something like this if POST is bad and listener is easy. Don't know where to start or scope of this method.
Example of data packet to be sent. (This is what my .net DLL must receive from the previous person) [QRTypeVersion, HeaderLength, H1, H2, ... DataLength, D1, D2 ..., Comment]
Some good reads:
There are some really good comments about security.
Is either GET or POST more secure than the other?
how to secure POST method without using SSL?
How secure is a HTTP POST?
Hope this helps.
Here's my situation: I have a file, homepage.php, that I want to allow my customers to host on their servers. homepage.php needs to somehow get information from my database, but I don't want my customers to have full access to my database. What's the best way to do this and how can I make it work?
I tried to do it by including the line:
require( "http://www.mydomain.com/connect.php" );
in homepage.php but I'm not sure if that's the right way and also, it gives me an error.
What error does it give you? Also that won't work because your server parses the PHP and send back the result, rather than including the source code like you want.
Easy solution
Have a read-only account, and give those details out to your customer's pages.
Then they can set up the mysql connection with the IP/exposed port of your mysql server and log-in from there.
Better solution
Have accounts for each customer, so privileges can vary accordingly, otherwise same as above.
Best solution
Expose access via a SOAP service. If you have enough customers and they're developing with you, an API is invaluable.
Without the warning it is hard to troubleshoot the connection issue although I bet it might have something to do with it looking at localhost versus the IP of the machine where the database resides.
The best solution is to have an ini file that has the username and password in it for each individual customer and have the connect.php file look for the ini file on that customers local webserver. You can then configure the priveleges for each account to have only select access to certain tables, or update priveleges to certain users, etc.
Also if your customers will be building their own code around yours, developing a SOAP service might be useful.