We have a system that has multiple processes running of different physical servers. Some in Java, others in C++. Each has its own config file where the database connection string is maintained. We need to keep the DB and server name in the config file of every program. The password has to be encrypted. Every program has to perform the task of reading its config and decrypting the password and then connecting to the DB.
Is there a pattern that solves this problem? Ideally I would like all global configuration to be in a single place and all programs running on different physical servers. What is the best way to do this?
Regards,
Yash
Every program has to perform the task of reading its config and
decrypting the password and then connecting to the DB.
Since your software itself decrypts a password, hacker will be able to recover encryption details from your binary and use them to decrypt password from configuration file.
This problem is usually solved using three-tier architecture. You write an intermediary Application Server which does database connections. Your client applications then connect to this application server using login and password of users, not those of the database. Application Server verifies user's credentials and controls access.
Related
I have created a mysql database and a table on terminal. The data is stored in /usr/local/mysql but my db is a folder and a table has .ibd extension.
How do I get a normal .db extension with a table inside?
The .db file extension is normally used by SQLite, which is a different database product than MySQL.
SQLite is an embedded database. You can write client programs that use the SQLite library to read and write .db files. But it's limited to read and write files that are located on the same computer where your client program runs.
MySQL is a client/server database. You shouldn't read and write the data file directly. The only program that does that is mysqld, the MySQL Server daemon.
You can write applications that use the MySQL client library to open a socket or TCP/IP connection to convey commands to the MySQL Server. This allows the MySQL Server to be on a different computer than where your client program runs. Your client program can request data remotely, over a network. Likewise, other client programs on yet other computers can also make network connections to the MySQL Server's computer. It supports many remote connections at the same time.
You should probably learn more about using MySQL. The manual has a tutorial section.
A new client of mine has a site hosted on netnation (boo). Their account manager doesn't have a way to access phpmyadmin or anyway to access the database. I'm not a programer, I'd just like to be able to view a stored password so I can give it to my client. I have the database host, user, password, and database name in the php files of the site.
Is there a program that I can use to view the database? No command line please it's not my thing and I'd probably break something.
Thanks
Most live databases don't allow direct access from outside the server, so if you're unlucky it can't work unless you can configure mysql to allow access from remote clients, too.
But at least you can try. Just configure any phpmyadmin installation (locally or on another server) to connect to that database. You do that in the file config.inc.php in the phpmyadmin root directory.
Look for the line that says "$cfg['Servers'][$i]['host'] = 'localhost';". Just replace 'localhost' with the url or IP your database is running (usually the same as the website). If your mysql allows remote access, you should be good to go. Otherwise you will have to re-configure your mysql installation first to allow that.
MySQL Workbench is a GUI program that allows access to MySQL database. It can work directly or using SSH. Most likely you won't be able to connect directly so your best chance is to get SSH access and connect using it. If it's not an option you can get FTP access and install phpMyAdmin (simply by uploading it to server).
Also, it's considered a bad practice to store password in DB, so it's very likely that the password itself is not stored, just its hash.
I'm building an Excel app using VSTO / VB.NET and make several connections to a bunch of databases/tables in MySQL which is hosted on a BlueHost account.
Now, they require for the IP address of the inquiring computer to be registered as a 'host', which sounds great for security but given the app will be distributed to a theoretically unlimited number of people on an unlimited number of computers - it's very impractical for me to individually allow each client IP address in my BlueHost account. What's the best way to allow access, on the fly?
The database user/password will already have the correct permissions to the relevant databases etc. It's just a matter of allowing them access to a remote MYSQL connection to start off with.
I've read around SO to use the 'GRANT ALL' SQL Command but I'm not sure exactly when and where to use this. How would you run a SQL command before making a connection to the database; because it is at this point that the connection throws an error..
Take a look at this it has all your info for conecting to remote servers too, Here
I am trying to configure the Apache FtpServer for windows, and i've got most of it running already, however I am having difficulty understanding the database user manager...
I am more or less a complete newbie to this and SQL, however I already have an FTP server up and running in Linux using VSFTPD. the company wants to migrate from linux to windows, and I have to create accounts for close to 5,000 users (which is why I want to use the database manager).
Here are my questions:
I can see that the xml configuration controls the connection to the database, but how does it control authentication? can someone explain which section handles user authentication from the database? EDIT: by user authentication, I do not mean the database connection itself, but rather how FTPServer authenticates a connection THROUGH the database.
How can I prevent / detect brute-force attempts against my server? our current linux ftp server uses DenyHosts for port 22 (ssh) and is hit by attacks at LEAST 20+ times a week, is there any kind of built-in authentication protection, and if not, can anyone suggest a way to create one? I know that the xml config has themax-login-failuressetting, which closes the connection after a certain number of attempts, but I need it to completely deny any further access from that IP, and not just close the connection.
Example:
Any attempt to log in with the following usernames results in immediate IP-BAN:
Root
Admin
Administrator
System
etc
Other settings
Attempts for non-existing users results in IP-BAN after # attempts for IP (including different users)
Attempts for existing users results in 60-second time out after # attempts (including different users)
Any and all help would be greatly appreciated. If you have any questions or require clarification on anything, please post a comment and I will make any necessary changes / replies.
Thanks.
See the example under Data source configuration here
Apache Ftpserver does not provide this functionallity out of the box. You either have to extend it and program this yourself, or use some external system that parses its log files and dynamically add/remove firewall rules (something like what fail2ban does on linux)
We have a fairly simple M$ Access db, split into front-end (forms, reports, etc.) and back-end (tables). Currently looking for a way to get the tables with all the critical data off of one desktop and hopefully into a MySQL database on our web host, and be able to connect to it from multiple PCs (still probably only one or two people connecting to it at any give time), and eventually, hopefully, migrate to a web application when time allows. Many of the examples I've read about people connecting an Access db front-end to a MySQL back-end seem to imply that they are doing so on a LAN, probably behind a firewall, etc.
Is it at all safe to connect a M$ Access front-end to a MySQL backend when that mysql server is running on a remote web host? Does the ODBC connector take care of encryption?
TIA,
Monte
You could use putty to mount a ssh tunnel to your mysql server and redirect the remote mysql port to your machine.
Using putty is pretty straightforward:
Give it your mysql server dns name as the host and go to "Connection/SSH/Tunnels", there you define the local port to connect in the "Source Port" field (e.g. 3307).
In the the "Destination" field put the dns name of your mysql server followed by a colon and the port mysqld is running in (e.g. mysql.example.org:3306).
Save this as a profile then connect and the remote mysql port will be availbable locally on port 3307.
Just make sure you restrict the user because by default he will have an ssh shell on the server.
Setting up key authentication would also be practical because you won't have to enter a password to connect to the server (but be sure to protect your key on disk by encrypting it).
EDIT: It seems the mysql odbc connector support ssl, you could use that too but I'd personnally choose to use SSH anyway as you will have it already on your mysql server.