Is it possible for Mysql to encrypt its stored files (database scheme & data on disk) in a way that someone not be able to copy these files to another machine that and read them using his own installed Mysql root user?
if not is there a DBMS that be able to protect database stored files on disk by encryption?
Unfortunately, MySQL doesn't support data file encryption natively.
However, there are 3rd products out there like:
http://www.vormetric.com/products/vormetric_database_encryption_expert.html
To be honest, if the database content has any commercial value or contains personal data about individuals, you should really control who has access to the datafiles (whether encrypted or not).
To use the windows EFS encryption:
http://windows.microsoft.com/en-us/windows/encrypt-decrypt-folder-file#1TC=windows-7
Read more obout it:
http://www.petri.co.il/how_does_efs_work.htm#
!!! Don't forget to export the certificate !!!
If you are using windows EFS and starting MySQL as a service, you will need to do the following:
go to Services and find the MySQL service
stop the service
right-click -> properties -> LogON TAB
check "This account"
fill your windows account name eg. ".\username"
provide your password
start the service
The MySQL service should now start without errors.
Related
I own a machine running third party software. I input data into this software and it stores that data into its own mysql database. I'd like query the mysql database directly, but I don't know the credentials that the application is using.
I have read and write access for all files in the machine, including the files in the mysql data directory. Theoretically, I should be able to read the data directly from these files (.ibd and .frm files). But practically, I don't know where to start. I'm thinking that these data files are somewhat readable since encrypting them would destroy their index-ability.
Is this feasible? Or would I have to reverse engineer the data file format in order to read it?
Or even better - is there some config file that I can change which would implicitly trust all local connections similar to postgres?
You could read the mysql files directly, but even if they're now encrypted, the columns names might be weird and you could have to spend some time reading them.
Another point could be looking for config files from that software, that could have the login/password (very very low probability, but who knows?)
And the best would be:
make a backup of the mysql files
in another mysql instalation / computer (to not break your software), follow the reset mysql password guide
Try accessing it via the command line on the local machine:
shell> mysql db_name
(from MySQL documentation)
From here, you can create yourself an account if you need to connect from other client software.
Or have you already tried that?
If you have root access to the machine that MySQL is running on, then you can reset the MySQL root password by following the procedure at: http://www.cyberciti.biz/tips/recover-mysql-root-password.html. Once you've reset the root password, you can then login to MySQL as the root MySQL user, and access any of the databases, and query them. The only caveat to keep in mind is that changing the MySQL root password could potentially prevent your application from accessing the MySQL database, but that would be surprising as the application should be designed to connect to the database using a MySQL user account (with limited privileges) other than the root MySQL user.
At first I searched in Stack Overflow about the difference between MySQL and SQLite. So there is some answers but still I want to know something. When accessing MySQL I need to give host, username, password and database parameters. But when accessing SQLite I just give database name. Can anyone explain me this why, and for security reasons also, should not be there password for SQLite database, can not be it just downloaded for example from server, so I am totally stuck. So need your help.
The difference is that MySQL is a database server, while SQLite is a database engine that works against single database files.
You are correct that the SQLite database file could just be downloaded if it's placed right in the web application where anyone can reach it.
Most server providers offer a folder where you can place files like this, so that the web application itself can reach it, but it's not directly downloadable.
You can also optionally add protection to the SQLite database file. See this question:
Password Protect a SQLite DB. Is it possible?
SQLite is mainly used for mobile and tablet apps.So they are just used for a single system.
But in MySql its a complete database and can be used from multiple system. So for increasing security ,we have to give all these. So that no one can misuse the data...
SQLite is just a file. If you have read access to the file that is the implicit security model (as well as the possibility to use database encryption).
MySQL is a network service. It can listen on an internet facing socket, meaning anyone in the world can access it if they have the right authentication credentials.
SQLite is file based, MySQL is a service which runs on the server. With SQLite you don't need to enter the database name, but actually the database file.
If you put the database file at an inaccessible location, you should be totally fine and the user will not be able to download the file.
I have used MySQL for my application written by PHP. After a time its data will be great and I need to make a backup from them. Also, I need I can restore the backup data whenever I need. My question is if phpMyAdmin can make backup and resotore it secure and completely without any data lose?
(I have both MyISAM and innoDB in my database structore)
Also, if you know any other IDE to make backup and restore it without showing the database structures and tables to the end-user, please tell me their names.
Thank you.
If you're running MySQL on your own server you may copy the database folder, but the MySQL server would have to be stopped first. Anyway I'd recommend dumping the databases through phpMyAdmin (export function) or via the command line (mysqldump). Using the latter, you may write a batch script that also compresses and encrypts the content of the dump file.
Using the built in Import and Export? The only data loss would be everything after the backup until the time the backup was imported.
Securely? That's an entirely different topic. There's too many things to consider to call anything secure but if you're using https or on a trusted LAN, then yes, I guess it's secure.
I think MySQL Workbench can do exports and imports.
If would you wish to backup MySQL database more securely and periodically without loss of data to remote server or local drive (local hard disk or mapped drive), then you can try Vembu StoreGrid http://www.vembu.com/, a leading backup software trusted by more than 2700 service providers world wide. Once you configured single backup by selecting entire database then automatically newly added database will be backedup on upon next backup time. Also, StoreGrid backups only the incremental bytes of changes on next incremental schedule.
Vembu has a solution for almost everyone, just check them below:
For Service Providers : StoreGrid Service Provider Edition
For Business/Offices : StoreGrid Professional Edition
For Home Users: Vembu Home
For Resellers who don't want to have their own storage : Vembu Pro
For Hosting Providers: StoreGrid Hosting Provider Edition (yet to be released)
For your requirement, we would suggest the Professional Edition http://storegrid.vembu.com/online-backup/network-backup.php of StoreGrid. Try it!!!
Regards,
Thileepan
vembu.com
I am using SQL Server Management Studio running on my local machine.
I can log on to a remote box (database engine) and use the
Studio to create a database backup which is saved to a drive on the remote box.
How do I get it to save the backup to a drive on my local machine?
See this MSDN article, for the section on backing up to a network share, e.g.:
BACKUP DATABASE YourDatabase
TO DISK = '\\SomeMachine\Backups\YourDatabase.Bak';
Backing Up to a File on a Network
Share For SQL Server to access a
remote disk file, the SQL Server
service account must have access to
the network share. This includes
having the permissions needed for
backup operations to write to the
network share and for restore
operations to read from it. The
availability of network drives and
permissions depends on the context is
which SQL Server service is running:
To back up to a network drive when SQL
Server is running in a domain user
account, the shared drive must be
mapped as a network drive in the
session where SQL Server is running.
If you start Sqlservr.exe from command
line, SQL Server sees any network
drives you have mapped in your login
session.
When you run Sqlservr.exe as
a service, SQL Server runs in a
separate session that has no relation
to your login session. The session in
which a service runs can have its own
mapped drives, although it usually
does not.
You can connect with the
network service account by using the
computer account instead of a domain
user. To enable backups from specific
computers to a shared drive, grant
access to the computer accounts. As
long as the Sqlservr.exe process that
is writing the backup has access, it
is irrelevant whether the user sending
the BACKUP command has access.
STEP 1 : From sql-server 2008 connect to remote server
STEP 2 : Right Click server database
STEP 3 : Select Export Option
STEP 4 : Follow Instructions, Import to local server database and Backup from Local database
In Microsoft SQL Server Management Studio you can right-click on the database you wish to backup and click Tasks -> Generate Scripts.
This pops open a wizard where you can set the following in order to perform a decent backup of your database, even on a remote server:
Select the database you wish to backup and hit next,
In the options it presents to you:
In 2010: under the Table/View Options, change 'Script Data' and 'Script Indexes' to True and hit next,
In 2012: under 'General', change 'Types of data to script' from 'Schema only' to 'Schema and data'
In 2014: the option to script the data is now "hidden" in step "Set Scripting Options", you have to click the "Advanced" and set "Types of data to script" to "Schema and data" value
In the next four windows, hit 'select all' and then next,
Choose to script to a new query window
Once it's done its thing, you'll have a backup script ready in front of you. Create a new local (or remote) database, and change the first 'USE' statement in the script to use your new database. Save the script in a safe place, and go ahead and run it against your new empty database. This should create you a (nearly) duplicate local database you can then backup as you like.
If you have full access to the remote database, you can choose to check 'script all objects' in the wizard's first window and then change the 'Script Database' option to True on the next window. Watch out though, you'll need to perform a full search & replace of the database name in the script to a new database which in this case you won't have to create before running the script. This should create a more accurate duplicate but is sometimes not available due to permissions restrictions.
You can't - the remote machine has no information about your local machine's setup and cannot see the drives on it. You'd have to setup a shared folder on your local machine, and make sure the remote machine has access to it (which will mean both the SQL Server Agent and SQL Server services on the remote machine will need access to it via domain accounts).
If the remote machine is on the same network as your machine, see AdaTheDev's answer.
Otherwise you'll have to RDP or FTP into the remote machine and transfer the backup manually. I recommend 7-zip'ing it by the way.
Is there anyway to get in the server and recreate them?
I actually found a much simpler solution to this here:
http://blogs.msdn.com/b/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
The short version (in case that link dies) is that if you restart the sql server in single user mode "net start mssqlserver /m" then a member of the local machine's administrator group will be able to connect with windows authentication. You can then change the sa password, add new accounts, or whatever you need.
You'll have to reinstall the server as there is no "grip" available to run anything to restore the accounts or create new ones.
Since you can't backup your databases either (again, no way to get there from here) you'll want to stop the SQL Server service (MSSQLSERVER) in the Services panel so that it releases its exclusive lock on your database files. Next, navigate to C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data and copy all of the MDF and LDF files to a safe spot.
Next, uninstall and re-install SQL Server (you may be able to just reinstall). Once you are up and running again, copy the MDF/LDF files back (NOT the model, msdb or master databases!! Just the ones that YOU have created) and "attach" them in a SQL window. You'll do all of this with the Windows integrated account.
Does the surface area configuration tool still work? If so you could attempt to use that to add another admin to the instance.