I am trying to create a host table in phpMyAdmin for user access and while there is this option below, I cannot find this table to add hosts nor any instructions to create one.
Am I missing something?
Field: Use Host Table
Description: When host table is used, this field is ignored and values stored in Host table are used instead.
Thank you in advance
As of MySQL 5.6.7 the host table is no longer included in the installation of MySQL.
https://dev.mysql.com/doc/refman/5.6/en/grant-tables.html
It used to be that you could use the host table (located at mysql.host) to define allowed hosts for a specific database. It worked something like this:
A user would try to do something (let's say INSERT).
The server would look in the mysql.user table to see if the user had global INSERT privileges.
If the user didn't have global INSERT privileges the server would then look in the mysql.db table to see if the user had DB specific privileges.
If the user had DB specific privileges and the mysql.db.Host field was empty the server would look in the mysql.host table for any hosts that matched the Db field of the mysql.db.Db field.
Assuming it found a match it would allow the INSERT.
If you want to have multiple hosts for a given user read the following:
http://dev.mysql.com/doc/refman/5.6/en/account-names.html
Since a MySQL username is actually 'name'#'host' you could always add multiple users with the same name but different hosts and give them the same privileges.
Why does phpmyadmin still include this feature?
I can only assume that it is for legacy support.
Related
I have a remote device that must login to mySQL database, but will not permit special characters on the username field.
When I create a new username, it appends #databasename.
So for example if I create a user called testconnection, it wont work by itself, I must use testconnection#databasename as username.
How can I create a username that is not automatically appended the database name?
This is MySQL principle, you could fin the principle in the official document:Adding User Accounts. The # is used to specify your host.
It's not the azure mysql appends #hostname, actually it's %, account uses the % wildcard for the host part, so it can be used to connect from any host.
And if you create with like this code without hostname:
CREATE USER 'new_master_user' IDENTIFIED BY 'StrongPassword!';
it will append %.I add an user with % to make the error happens.
And in MySQL workbench you could find if you set the Limit to Hosts Matching null, it will prompt Host name must not be blank. So the hostname is a required parameter.
Why would a user with permission to only select be able to edit a record in phpMyAdmin? How can I prevent the edit?
This is the permissions screen:
If the user is able to edit and save the row in phpMyAdmin, it's because the rights at the MySQL level permit this action. Ultimately it's MySQL that controls what is possible, not phpMyAdmin. Note that it's a combination of username + hostname that applies, so maybe there is the same username with a different hostname that is defined. Also, there can be rights at the global, database, table and column levels.
I try to execute query in phpmyadmin and get error:
#1142 - SELECT command denied to user 'cpses_tkdpmnyjWW'#'localhost' for table 'user'
So, user cpses_tkdpmnyjWW'#'localhost is created dynamically and I can not set privileges for this user.
How to fix this?
Use SHOW GRANTS to show your current user privileges. It sounds as though the output may be similar to:
GRANT USAGE ON *.* TO 'Unnamed'#'localhost'
This would mean the account could sign into the server but do little else. This page gives a more detailed breakdown, as you'll see there are quite a few permutations.
The solution is you need to either find an account with more privileges or create/update one.
If the above is not an option, one quick trick I may try is connecting to '127.0.0.1' instead of 'localhost'. In MySQL the source of the connection can form part of the username so it's plausible that connecting on an IP instead of socket if you are on Unix flavoured OS.
Additionally, if you have admin/root access to the server, it is possible to create users when MySQL starts which is very useful in some scenarios.
Good Day
I am a front-end developer, and I know little from MySQL and databases.
I have a Wordpress MySQL database in CPanel. Now I forgot my password, and the password for my user as seen in phpmyadmin is hashed/encrypted.
How do I get the password?
NOTE: I do not have access to the Server since this is a website on a shared hosting account, so doing the following is not possible for me:
See this post on Stack
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
If your website is working you can probably find the mysql user/password
in the config.php file in your wordpress filesystem.
Otherwise:
Your best option is probably to add a user to the database and give it the needed privileges, to do that:
Click MySQL databases.
Create new user.
Assign new user to your database.
Edit config.php on your wordpress filesystem and change to the new username.
This is sub optimal, but will work.
There is a simple way for you to gain access to your WordPress user info if you don't know the password. I'm assuming you are talking about a WordPress user password retrieval. You need to have access and edit privileges to your database to do this.
-Open up phpMyAdmin or however you prefer to access database tables
-Select your database
-Open the table wp_users
-Under the column 'user_login' you will need to find which entry you want to access. Your username should be in one of the row entries.
-Once found, there will be a 'user_pass' column as well. Now some explaining needs to happen. You cannot retrieve your password without hacking/brute forcing that encryption. These are MD5 hash encrypted passwords. What we are going to do is just simply create a new password here. All you have to do is Google "MD5 Hash generator". I tested this on the first result I found and it worked.
-Once you find a website with a generator just simply type in your password and then retrieve the hash that's given to you. For example I typed in 'password' and I receive '5f4dcc3b5aa765d61d8327deb882cf99' Now we have a new encrypted password to set. If you are worried about sites saving your password entries or hashes just make up a password as a temporary fix. Then you can just login with that and change the password via the WordPress Dashboard later.
-Select the row that your username is in. Click Change/Edit then just copy and paste the entire MD5 Hash into the wp_pass column.(Overwrite the old password btw.) Save/Go/Execute to make sure the table was re-written. In this example I would be pasting '5f4dcc3b5aa765d61d8327deb882cf99' into the column without quotes of course.
-Please be sure to only change the 'wp_pass' entry and to make sure it's corresponding to the correct username.(On the same row)
-Now you should be able to login with your new password.('password')
Say you created a blog application, and it's data is stored in a MySQL database. In your application configuration you set the data source name to myBlog user root password whatever
Now, when users start using your blog to access, post to, and comment on threads, etc... I am assuming they connect as root through the application myblog ...
So... users connect to the application myBlog who in turn connects to MySQL as user root , using password whatever --- it's not really the users that are connecting to MySQL, it's the application. Correct?
Is there not a security issue with this approach? Should I create a new username in MySQL for the application myBlog with specific privileges and leave root only for administering the database?
yes, the application connects to the db. you should create a new mysql user for your application, do something like
CREATE DATABASE myblog_env;
CREATE USER 'myblogenv-user'#'%' IDENTIFIED BY 'your pw';
GRANT ALL PRIVILEGES ON myblog_env.* TO 'myblogenv-user'#'%' WITH GRANT OPTION;
something like the above should do it. The 'env' part of the above is for if you want to create a new db for difference environments, like dev, stage, prod, whatever....
this way your application user has complete access to its db, but no other dbs in the mysql instance.
First of all, you should NEVER use the root account of a mysql database for anything else then admin work.
Second of all, in theory yes the user of your blog would be the "root" in your mysql database, but hopefully there is a lot of sanatizing and cleaning up in your blogs code before any queries are executed...anything else would be know as an "sql inject"
You are exactly right. This is called the principle of least privilege. You should give the application the minimum access rights that it needs to complete the job. This would not be root.
The short answer is: Yes.
Long answer:
Security: You should have a different user for your application than you do for yourself as the administator. That application user should only have read (and write if necessary) privileges on the specific database it needs to access. Also, it should not have privilege-granting privileges, nor drop table privileges, nor database creation/dropping privileges, nor anything else that is reserved for you.
Convenience: If you ever need to change your password, you don't want to have to change your application, and vice versa.