Currently I have phpMyAdmin and MySQL installed on my server. I now want to provide access to phpMyAdmin to a friend of mine so he can setup his own databases and users, however I don't want him to be able to see or modify my databases.
Is this possible to do with a simple privilege account or do I require some kind of MySQL virtualization? I know cPanel installations provide this feature for web hosts, but I don't need or can afford cPanel at the moment.
You should look into MySQL Security Here specifically section 13.7.1.3 Grant statement. You could secure your DB from your friend logging in which will prevent him from seeing anything in that DB on PHPMyAdmin. Or you could create a DB for him to use and allow him access to that DB only.
You never mentioned if he will be on Localhost or will you need to open up MySQL for remote logins from other than Localhost which is the default behavior..
Related
I accidentally deleted all users in MySQL including localhost. Now I can't even access my connections. How can I add localhost use to access my connections?
localhost is not a user, it's a special host, referring, well, to the local host. That means the host machine the software in question is running on.
So, when using a MySQL Client software like Navicat, localhost means that you want it to connect to a MySQL database that is running on the same machine as Navicat itself, instead of connecting over the network to a database running on some remote machine.
Now, regarding your question, if you deleted the user table (or its content) from the MySQL database running on your localhost, the only way I know of to bring the users back is restoring a backup of the database, if you have one.
You might be able to get access to the database again by recreating the user table using the mysql_install_db script as pointed out here, but this won't recover the previously existing users.
I have a mysql workbench on my server and today I checked just my all schemas are deleted resulting in halt of other application.I am confused how it has happened.Is there a way to check who has last connected to my workbench as few ppl have its access and how can I recover the lost database or there could be another reason for lost of all databases
MySQL Workbench is a client tool. If you installed it on a database server, then perhaps you should be checking who was logged on to the db server and that will be appropriately logged by the O/S. You might also want to review your security policy because it sounds like you might be sharing passwords and review which user accounts have DROP privilege on the databases.
Your databases might not show in Workbench if the connection is not properly configured (but the applications not working would suggest otherwise).
I'm well aware this has been asked lots of times before but none of the answers so far has been applicable for me or solved the problem.
I want to run SQL Queries from Python using MySQLdb
I get
OperationalError: (1130, "Host '77-172-143-12.ip.telfort.nl' is not
allowed to connect to this MySQL server")
This IP (77-172-143-12) is
for configuring my own router (at home)
I should create a new USER for this
but I don't have the privileges to CREATE USER...s
The Privileges tab is missing from PHPMyAdmin, also when I use Firefox and delete all cookies.
I can't log in
with root and a blank password: I got only one username/login from
my web hosting company when I registered my domain with them.
The
database is on a remote server which I don't manage myself and I seem
not to have any access to any MySQL config files.
How could this possibly be solved?
UPDATE
I understood from the answers that I can't solve this myself since my hosting provider doesn't allow it (by default anyway). I'll contact them to see whether they're willing and able to do something about it.
If somebody else has the same problem: as a workaround I'll keep using my Python routines on my local MySQL database. I'll then use the Wordpress export and import tools to transfer my (updated) local database to the remote server where my website is located. That's not too bad since it will also result in frequent backups of my articles.
It's normal that phpMyAdmin does not show you the Privileges (or Users in recent versions) tab, since you're not privileged.
Usually, on shared servers, hosting providers also use a shared MySQL server, thus they won't allow you root access.
They usually also allow MySQL access only from their web server and not from your home machine, as an additional security measure.
You need to add your hostname (see myip.nl) as a new host in DirectAdmin and then you can connect to the database on a remote server from a local application (Python in this case). See the screenshot below (sorry it's in Dutch!)
I recently installed the XAMPP stack on a desktop and connected via a laptop on the local network. To my surprise, I was able to access phpmyadmin and delete update all mysql tables. Though I understand that I shouldn't use xampp for production (and I'm not), I would still like to learn how to manage these types of obvious security flaws. I know that I can block access to directories via .htacces (http://forum.directadmin.com/showthread.php?t=29089), but I would like something that is a little more comprehensive. How would you restrict running of mysql queries from anywhere except localhost? Is there a way without .htaccess? I thought this was partially the purpose of the root user.
MySQL defined users with domains. If you look at your user_privileges table in the information_schema database you will see that they all have domains. If all your users are defined strictly as localhost, there will be no remote access.
Also, you can edit my.cnf to turn off tcp access to the database, forcing all connections to be by socket. under [mysqld], include the line skip-networking. You will have to configure all your apps to use the socket connection, but I like the socket better anyway.
This will do nothing to protect your data from someone using phpMyAdmin, if phpMyAdmin is installed on the same machine as the database. The safest thing to do is get rid of that app. That's often not practical, however, as it's a useful tool, and so you need to configure phpMyAdmin to require that users authenticate themselves. That means NOT putting the password in the config file. You will need to think about how long sessions are before reauthentication, and things like that.
phpMyAdmin fills me with a rage hotter than a thousand suns whenever I try to configure it, but it is definitely possible to set things up so a password is required each time you connect to the database through phpMyAdmin. You can further limit the damage phpMyAdmin abusers can do my making sure it only connects as a user with limited privileges (for instance, only able to modify the database you're working on at the moment).
I have a domain name and my rails application.
Is there any way to connect with database without giving the IP address of that host name?
I need what changes are needed in my database.yml file.
The error you're seeing is almost certainly because you don't have a root#localhost user in your mysql database. It has nothing to do with the database configuration file.
You need to add the root#localhost user to your mysql database.
It goes without saying that you should not be using your root user in production and it is probably a good idea not to use it in dev either as it's level of privileges may be hiding some problems.
What errors are you seeing?
If you're asking how to connect to a database without using an IP address, that depends on whether or not your database running on the same machine that's hosting your rails app?
If you're database is on the same machine as your rails app, you can just use localhost as your database host name and that should work (assuming your database is running with the default configurations).