For some context I am running multiple sites on a single VPS through Nginx, they are all WordPress sites.
The issue I am having is when I made a new site today and went to create a new Mysql DB for it and assigned a user using:
GRANT ALL ON dbNew.* TO admin #'localhost' IDENTIFIED BY 'newPassword';
It broke the DB connections of all my other WP sites.
The only solution to restore the connections of all the other sites was to run the above command for a known working site that restored all other site's connections.
GRANT ALL ON dbOld.* TO admin #'localhost' IDENTIFIED BY 'oldPassword';
After extensive google searching, I've tried all recommended approaches including running in safe mode and turning MySQL on and off, flushing, etc.
I feel like I'm am missing something obvious here or there is some other error, I've followed the same process in the past without any issues, currently hosting 5 WordPress sites on this VPS and there are no hardware limitations.
Any help would be appreciated.
You are doing two separate things with that command. Granting access to a new database for the user, and changing that user's password. You are not setting separate passwords for the same user for different databases.
Use of IDENTIFIED BY with GRANT is deprecated in MySQL 5.7 according to the Note in this document:
Use of GRANT to define account authentication characteristics is
deprecated in MySQL 5.7. Instead, establish or change authentication
characteristics using CREATE USER or ALTER USER. Expect this GRANT
capability to be removed in a future MySQL release.
So I have created a mysql database hosted at db4free.net, and am able to access it easily from the command line or from java. My concern however, is I can only access it using my own username, password credentials. I tried to create user, but it appears I cannot as I get Access Denied. I'm assuming I don't have privileges to create users from this hosted database.
Now I want to include access to this online database in my application, but I don't know how without having major security issues. The only apparent way for another user to connect would be to include my own username, password credentials for the database but that is very unsafe.
Any ideas on how I can provide database access to users safely ?
From the front door page of the service you're using:
What db4free.net is not
db4free.net is a testing service which means it is not suitable for
production. There can be outages, data loss and security features do
not meet the standards which you expect from a professional data
hosting provider. If you need a MySQL database for production use,
please do not use db4free.net!
This seems pretty clear to me. Don't do what you're hoping to do!
Plus, it's not a good idea security-wise to open up a MySQL server to the public internet without using secured connections. Even then it's questionable. Somebody who reverse-engineers your app can pwn your database.
Currently I have phpMyAdmin and MySQL installed on my server. I now want to provide access to phpMyAdmin to a friend of mine so he can setup his own databases and users, however I don't want him to be able to see or modify my databases.
Is this possible to do with a simple privilege account or do I require some kind of MySQL virtualization? I know cPanel installations provide this feature for web hosts, but I don't need or can afford cPanel at the moment.
You should look into MySQL Security Here specifically section 13.7.1.3 Grant statement. You could secure your DB from your friend logging in which will prevent him from seeing anything in that DB on PHPMyAdmin. Or you could create a DB for him to use and allow him access to that DB only.
You never mentioned if he will be on Localhost or will you need to open up MySQL for remote logins from other than Localhost which is the default behavior..
I'm well aware this has been asked lots of times before but none of the answers so far has been applicable for me or solved the problem.
I want to run SQL Queries from Python using MySQLdb
I get
OperationalError: (1130, "Host '77-172-143-12.ip.telfort.nl' is not
allowed to connect to this MySQL server")
This IP (77-172-143-12) is
for configuring my own router (at home)
I should create a new USER for this
but I don't have the privileges to CREATE USER...s
The Privileges tab is missing from PHPMyAdmin, also when I use Firefox and delete all cookies.
I can't log in
with root and a blank password: I got only one username/login from
my web hosting company when I registered my domain with them.
The
database is on a remote server which I don't manage myself and I seem
not to have any access to any MySQL config files.
How could this possibly be solved?
UPDATE
I understood from the answers that I can't solve this myself since my hosting provider doesn't allow it (by default anyway). I'll contact them to see whether they're willing and able to do something about it.
If somebody else has the same problem: as a workaround I'll keep using my Python routines on my local MySQL database. I'll then use the Wordpress export and import tools to transfer my (updated) local database to the remote server where my website is located. That's not too bad since it will also result in frequent backups of my articles.
It's normal that phpMyAdmin does not show you the Privileges (or Users in recent versions) tab, since you're not privileged.
Usually, on shared servers, hosting providers also use a shared MySQL server, thus they won't allow you root access.
They usually also allow MySQL access only from their web server and not from your home machine, as an additional security measure.
You need to add your hostname (see myip.nl) as a new host in DirectAdmin and then you can connect to the database on a remote server from a local application (Python in this case). See the screenshot below (sorry it's in Dutch!)
Tackling a strange scenario here.
We use a proprietary workstation management application which uses mySQL to store its data. Within the application they provide number of reports, such as which user logged into which machine at what time, all the software products installed on the monitored machines, so on and so forth. We are looking to do a different set of reports, however, they do not support custom reports.
Since their data is being stored in mySQL, I gather I can do the reporting manually. I don't have valid credentials to connect to the mySQL server though. Is there anyway for me to create a user account in the mySQL server? I do not want to reset the root password or anything account that might be in there, as it might break the application.
I have full access to the Windows 2003 server. I can stop and restart services, including the mySQL server. To the actual mySQL server, I only have basic access through the GUI provided by the software. I can't connect to it directly through CLI or through another tool (due to the lack of credentials).
I apologize if it came off as if I'm trying to get unauthorized access to the mySQL server. I have contacted the software company, and as of today it's been two weeks without a response from them. I need to get to the data. I have full access to the physical box, I have admin privileges on it.
You'll want to use the MySQL password recovery process. Follow these instructions, except replace the password reset query with a query to add a new user. The new user query would be something like:
GRANT ALL ON *.* TO 'myuser'#'localhost' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
That will create a new user "myuser" with the password "mypassword", who may log in to MySQL through the local system's CLI. You can then use the MySQL Administrator GUI (download here) and update user permissions so you can log in from other systems on the network. Or use the GRANT statement from the CLI, if that's more your style.
Do you have access to the MySQL server in question?
As in, what access do you have beyond what a regular user would? You should try to go through those routes before you "hack" your way in there, since that may or may not be feasible with that software.
odds are there are triggers on the database side keeping a log so when you hack yourself into the database they will know when and how you did it. Not a good idea.
I assume I really should not answer this one, but it's just too much fun.
Look at This page about SQL injections. That should cover your needs.
This page shows how to add user accounts to mySQL
I would try entering the following in random user input fields:
p'; INSERT INTO user VALUES
('localhost','myNewAdmin',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
and then
p'; FLUSH PRIVILEGES;
p'; is intended to close the regular question. e.g -
Normal question is:
"Select Adress from cusomers where custName = ' + $INPUT + ';
becomes
Select Adress from cusomers where custName = 'p'; INSERT INTO user
VALUES('localhost','myNewAdmin',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
One thing that comes in mind is sniffing the database communication and hope it's not encrypted. If it is encrypted try changing the configuration not to use SSL and restart mysql. A good sniffer that I use is Wireshark
From mysql 5.0 documentation:
MySQL supports secure (encrypted)
connections between MySQL clients and
the server using the Secure Sockets
Layer (SSL) protocol. This section
discusses how to use SSL connections.
It also describes a way to set up SSH
on Windows. For information on how to
require users to use SSL connections,
see the discussion of the REQUIRE
clause of the GRANT statement in
Section 12.5.1.3, “GRANT Syntax”.
The standard configuration of MySQL is
intended to be as fast as possible, so
encrypted connections are not used by
default. Doing so would make the
client/server protocol much slower.
Encrypting data is a CPU-intensive
operation that requires the computer
to do additional work and can delay
other MySQL tasks. For applications
that require the security provided by
encrypted connections, the extra
computation is warranted.
MySQL allows encryption to be enabled
on a per-connection basis. You can
choose a normal unencrypted connection
or a secure encrypted SSL connection
according the requirements of
individual applications.
Secure connections are based on the
OpenSSL API and are available through
the MySQL C API. Replication uses the
C API, so secure connections can be
used between master and slave servers.
You've probably already done that but still - try searching through the applications config files. If there's nothing - try searching through the executables/source code - maybe it's in plaintext if you're lucky.