Block all users except localhost from phpmyadmin and mysql - mysql

I recently installed the XAMPP stack on a desktop and connected via a laptop on the local network. To my surprise, I was able to access phpmyadmin and delete and update all mysql tables. Though I understand that I shouldn't use xampp for production (and I'm not), I would still like to learn how to manage these types of obvious security flaws. I know that I can block access to directories via .htaccess (http://forum.directadmin.com/showthread.php?t=29089), but I would like something that is a little more comprehensive. How would you restrict running of mysql queries from anywhere except localhost? Is there a way without .htaccess? I thought this was partially the purpose of the root user.

MySQL defines users with domains. If you look at your user_privileges table in the information_schema database you will see that they all have domains. If all your users are defined strictly as localhost, there will be no remote access.
Also, you can edit my.cnf to turn off TCP access to the database, forcing all connections to be by socket. Under [mysqld], include the line skip-networking. You will have to configure all your apps to use the socket connection, but I like the socket better anyway.
This will do nothing to protect your data from someone using phpMyAdmin, if phpMyAdmin is installed on the same machine as the database. The safest thing to do is get rid of that app. That's often not practical, however, as it's a useful tool, and so you need to configure phpMyAdmin to require that users authenticate themselves. That means NOT putting the password in the config file. You will need to think about how long sessions are before reauthentication, and things like that.
phpMyAdmin fills me with a rage hotter than a thousand suns whenever I try to configure it, but it is definitely possible to set things up so a password is required each time you connect to the database through phpMyAdmin. You can further limit the damage phpMyAdmin abusers can do by making sure it only connects as a user with limited privileges (for instance, only able to modify the database you're working on at the moment).
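
An added example (not part of the original answer): a small Python audit of the two controls described above, the networking options under [mysqld] in my.cnf and the host part of each account. The sample config text, the account rows and all function names are constructed for this illustration; `bind-address` is a standard MySQL option that the answer does not mention.

```python
import configparser

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Constructed sample inputs (not from any real server).
WEAK_CNF = "[mysqld]\nport = 3306\n# bind-address = 127.0.0.1\n"
HARDENED_CNF = "[mysqld]\nskip-networking\n"
# Rows as returned by: SELECT user, host FROM mysql.user;
ACCOUNTS = [("root", "localhost"), ("root", "%"),
            ("report", "%"), ("app", "127.0.0.1")]

def network_exposure(cnf_text):
    """Classify [mysqld] as 'socket-only', 'loopback-only' or 'network'."""
    # !include / !includedir directives are not INI syntax; drop them.
    body = "\n".join(line for line in cnf_text.splitlines()
                     if not line.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(body)
    opts = {}
    if cp.has_section("mysqld"):
        # MySQL accepts skip_networking and skip-networking alike.
        opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    val = opts.get("skip-networking", "off")  # a bare option parses as None
    if val is None or val.strip().lower() in {"1", "on", "true"}:
        return "socket-only"
    if opts.get("bind-address") in LOCAL_HOSTS:
        return "loopback-only"
    # Assumption: with no bind-address the server listens on every interface.
    return "network"

def remote_accounts(rows):
    """Accounts whose host part is not strictly local."""
    return [(u, h) for u, h in rows if h.lower() not in LOCAL_HOSTS]

def audit(cnf_text, rows):
    """Combine both checks into a list of human-readable findings."""
    exposure = network_exposure(cnf_text)
    findings = []
    if exposure == "network":
        findings.append("mysqld accepts TCP connections from other hosts")
    state = "reachable now" if exposure == "network" else "latent"
    for user, host in remote_accounts(rows):
        findings.append(f"'{user}'@'{host}' allows remote login ({state})")
    return findings

if __name__ == "__main__":
    for name, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(name, network_exposure(cnf), *audit(cnf, ACCOUNTS), sep="\n  ")
```

Accounts reported as latent cannot be reached from other machines while networking is off, but they become usable again the moment the option is removed, so they are still worth cleaning up.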

Related

Accidentally deleted MySQL users

I accidentally deleted all users in MySQL including localhost. Now I can't even access my connections. How can I add localhost user to access my connections?
localhost is not a user, it's a special host, referring, well, to the local host. That means the host machine the software in question is running on.
So, when using a MySQL Client software like Navicat, localhost means that you want it to connect to a MySQL database that is running on the same machine as Navicat itself, instead of connecting over the network to a database running on some remote machine.
Now, regarding your question, if you deleted the user table (or its content) from the MySQL database running on your localhost, the only way I know of to bring the users back is restoring a backup of the database, if you have one.
You might be able to get access to the database again by recreating the user table using the mysql_install_db script as pointed out here, but this won't recover the previously existing users.

old web host doesn't have phpmyadmin, remote access?

A new client of mine has a site hosted on netnation (boo). Their account manager doesn't have a way to access phpmyadmin or any way to access the database. I'm not a programmer, I'd just like to be able to view a stored password so I can give it to my client. I have the database host, user, password, and database name in the php files of the site.
Is there a program that I can use to view the database? No command line please it's not my thing and I'd probably break something.
Thanks
Most live databases don't allow direct access from outside the server, so if you're unlucky it can't work unless you can configure mysql to allow access from remote clients, too.
But at least you can try. Just configure any phpmyadmin installation (locally or on another server) to connect to that database. You do that in the file config.inc.php in the phpmyadmin root directory.
Look for the line that says "$cfg['Servers'][$i]['host'] = 'localhost';". Just replace 'localhost' with the url or IP your database is running (usually the same as the website). If your mysql allows remote access, you should be good to go. Otherwise you will have to re-configure your mysql installation first to allow that.
MySQL Workbench is a GUI program that allows access to MySQL database. It can work directly or using SSH. Most likely you won't be able to connect directly so your best chance is to get SSH access and connect using it. If it's not an option you can get FTP access and install phpMyAdmin (simply by uploading it to server).
Also, it's considered a bad practice to store password in DB, so it's very likely that the password itself is not stored, just its hash.

MySQL Workbench works and phpmyadmin does not

About 2-3 weeks ago I stopped using phpmyadmin and started using MySQL Workbench. Now, I can't connect to phpmyadmin. I tried connecting from two different computers and from the server. Tried connecting with at least 4 users and root. I am suspecting that this is Workbench's fault. During the time I used Workbench I made some changes to user privileges, but don't remember the specifics. I get "Wrong username/password".
Any thoughts?
Looks like some of the comments have been deleted, but judging by what's left there was a suggestion for you to check your permissions for your user with hostname localhost, and it appears you did not understand that % is not the same as localhost. Many installations come with several root users, one for host localhost, one for host %, and sometimes a third for 127.0.0.1. This is normal and part of how MySQL handles permissions. TCP/IP connections match %, socket connections do not (they use localhost).
Another thing that's important to realize is that, when using phpMyAdmin, it doesn't matter what client machine you're using; what matters is what machine is the web server, since that's where the requests to MySQL come from. So you can easily get a bit confused if using a remote machine to connect to a web server running on the same machine via sockets to the MySQL server -- even though you're on a remote machine from the MySQL server, in this case it appears as a localhost connection to MySQL.
Anyway, very likely what happened was you were "cleaning up" extra users and removed one that had the opposite host value (either % or localhost); I'd simply recreate your user with the other host. That should clear it up for you.

No "Privileges" in PHPMyAdmin, already tried deleting cookies/using FF/logging in as 'root'

I'm well aware this has been asked lots of times before but none of the answers so far has been applicable for me or solved the problem.
I want to run SQL Queries from Python using MySQLdb
I get
OperationalError: (1130, "Host '77-172-143-12.ip.telfort.nl' is not allowed to connect to this MySQL server")
This IP (77-172-143-12) is for configuring my own router (at home)
I should create a new USER for this but I don't have the privileges to CREATE USER...s
The Privileges tab is missing from PHPMyAdmin, also when I use Firefox and delete all cookies.
I can't log in with root and a blank password: I got only one username/login from my web hosting company when I registered my domain with them.
The database is on a remote server which I don't manage myself and I seem not to have any access to any MySQL config files.
How could this possibly be solved?
UPDATE
I understood from the answers that I can't solve this myself since my hosting provider doesn't allow it (by default anyway). I'll contact them to see whether they're willing and able to do something about it.
If somebody else has the same problem: as a workaround I'll keep using my Python routines on my local MySQL database. I'll then use the Wordpress export and import tools to transfer my (updated) local database to the remote server where my website is located. That's not too bad since it will also result in frequent backups of my articles.
It's normal that phpMyAdmin does not show you the Privileges (or Users in recent versions) tab, since you're not privileged.
Usually, on shared servers, hosting providers also use a shared MySQL server, thus they won't allow you root access.
They usually also allow MySQL access only from their web server and not from your home machine, as an additional security measure.
You need to add your hostname (see myip.nl) as a new host in DirectAdmin and then you can connect to the database on a remote server from a local application (Python in this case). See the screenshot below (sorry it's in Dutch!)

Connecting to MySQL Database over server

I'm quite a beginner when it comes to working with networks and the like, so apologies up front. A while back I set up a mySQL database locally on my machine, and have built a number of simple programs that work with it. (aka root:localhost sort of thing).
This has been great, but I'm now hoping to allow other colleagues at my work to access the database from their machines, but I have no idea how.
Likely there will be some network protection issues (firewalls etc), so that may need to be taken into account... (although I have IT's help on this, neither IT nor myself really know what is required to 'connect' to the database).
For example, is it just an IP I need? Do I have to change the setup of my database? I understand that localhost would not work from my colleagues' computers, for obvious reasons, I have no idea what would go in its place for others to access it.
I also do not mind having my machine run as the dedicated database machine... I would not be able to run it off a dedicated server or anything like that, beyond my machine.
Any help would be much appreciated!
Thanks.
First of all, what your colleagues need are:
The IP address where the MySQL server is running.
User and password to connect remotely.
Have the port 3306 open on the network.
A MySQL client (mysql workbench, mysql query browser, toad, heidi or just the command line tool).
When you create a user in MySQL, it has to be something like this:
'root'@'localhost'
That means the user will work if you connect from localhost with the user root. So you can create a user allowed to connect from anywhere:
'juanperez'@'%'
And finally, you have to be careful about what privileges you are granting to them. Do not forget to comment out the line in the MySQL options file that says "bind-address" (this option prevents remote connections).
For example, is it just an IP I need?
Yes. You'll be much happier if you set up proper domain names, but a domain name is just an alias for the IP address.
Do I have to change the setup of my database?
No, but... You have to add some user credentials to support remote logins. That's a change, but not a change to a schema. It's changes to the permissions.
I understand that localhost would not work from my colleagues' computers, for obvious reasons, I have no idea what would go in its place for others to access it.
What MySQL Admin tools are you using? Often there is good help there.
You must read reference manual 4.1 or 5.0
For whatever version is appropriate.
It's very clear.
A user is identified by a username@hostname. You can specify IP addresses (or even "%") for the hostname.
You will use the following command line to connect -
mysql -u<user-id> -p<password> -h<your-hostname-or-ipaddress>
For applications running on different machines trying to connect to your database, you only need to replace 'localhost' with your machine's hostname or ipaddress.
In general, if you are able to ping your machine from a different system, your database can be connected to from that machine, just use whatever name you used for 'pinging' in place of localhost.
Use your workstation IP address or workstation name. You will need to enable remote access. Go to this link for how:
http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html