Due to security considerations from my provider, I am not able to MySQL Workbench to connect to my database. The only way to access my database is to use phpmyadmin. Because I'm used to use MySQL Workbench and their tools, it is for me much easier to maintain my database. Using phpmyadmin is annoying, so I'm googeling a solution to use anyway MySQL Workbench. Is there a way to break this security consideration or to connect MySQL Workbench through phpmyadmin to gain access to the database?
If your hosting provided did it recently then I am pretty sure it is must be a response to this terrible security flaw discovered in mysql last month. The attack is as simple as running that one line shell command.
Not all OS/MySQL combinations are vulnerable. In case your hosting company was, then for a few moments - all customers
logins were at stake (including the root login).
To answer your question, unfortunately you can not do much in this case. You cannot do any port forwarding tricks even if you have shell(ssh) access because normally port forwarding isn't allowed in shared hosting environments.
In case you want to try, you can run this command on a unix box
$ ssh -L 3306:localhost:3306 username#yoursite.com
If you can login and don't see any errors related to port forwarding, perhaps your can direct your workbench to localhost on port 3306 and theoretically it should work.
If you are using windows you can use putty to do port forwarding as described here.
I think no. Only changing table Users in MySQL you can access from other IPs and hosts. And this table is not accessible by other users.
Related
About 2-3 weeks ago I stopped using phpmyadmin and started using MySQL Workbench. Now, I can't connect to phpmyadmin. I tried connecting from two different computers and from the server. Tried connecting with at least 4 users and root. I am suspecting that this is Workbench's fault. During the time I used Workbench I made some changes to user privileges, but don't remember the specifics. I get "Wrong username/password".
Any thoughts ?
Looks like some of the comments have been deleted, but judging by what's left there was a suggestion for you to check your permissions for your user with hostname localhost, and it appears you did not understand that % is not the same as localhost. Many installations come with several root users, one for host localhost, one for host %, and sometimes a third for 127.0.0.1. This is normal and part of how MySQL handles permissions. TCP/IP connections match %, socket connections do not (they use localhost).
Another thing that's important to realize is that, when using phpMyAdmin, it doesn't matter what client machine you're using; what matters is what machine is the web server, since that's where the requests to MySQL come from. So you can easily get a bit confused if using a remote machine to connect to a web server running on the same machine via sockets to the MySQL server -- even though you're on a remote machine from the MySQL server, in this case it appears as a localhost connection to MySQL.
Anyway, very likely what happened was you were "cleaning up" extra users and removed one that had the opposite host value (either % or localhost); I'd simply recreate your user with the other host. That should clear it up for you.
Ok so I've read this countless times that under Remote MySQL in your cpanel (I host with namecheap) that you shouldn't add 127.0.0.1 as a host to allow remote connection to your database since it could be a security risk.
However, I wanted to know if there is anyway I can connect to my MySQL database on my hosting server from my local machine.. instead of using the MySQL thing that comes with WAMP since I hate transferring databases back and forth after I develop for a week on my local machine. The data tends to not stay consistent over time and it gets tiring having to drop your database and reupload it with the newest tables.
So I was wondering if there was a way to allow this connection without exploiting a security risk? So I don't have to have two separate databases..? Unless it's safer to keep up with this practice..?
Thank you!
And I know the IP changes often on your machine (a dynamic IP I believe is what it's called) so is there anyway I can have an unlimited connection no matter if the IP changes?
I'm not sure why they would say not to add 127.0.0.1 - that's the local machine, which means that people from the outside can't access it. So you have skip-networking turned on and you're connecting through a local UNIX socket? Are you sure it didn't say not to add anything other than 127.0.0.1?
Do you have SSH access? If so, you can easily use SSH tunneling so that you'll only have to connect locally with a command like
ssh -L 3307:localhost:3306 -N yoursever.com
Then you connect locally on your home machine to port 3307 (you can make this 3306 but you said you develop your database locally as well, so in that case you'd need a different port). Then the packets go through SSH and magically appear at the database, looking as though they had come from the same machine. The security there is all done by SSH, which is great because it has "secure" right in the name, without opening additional ports (assuming that you have the SSH daemon running)
I'm quite a beginner when it comes to working with networks and the like, so apologizes up front. A while back I set up a mySQL database locally on my machine, and have built a number of simple programs that work with it. (aka root:localhost sort of thing).
This has been great, but I'm now hoping to allow other colleagues at my work to access the database from their machines, but I have no idea how.
Likely there will be some network protection issues (firewalls etc), so that may need to be taken into account... (although I have IT's help on this, neither IT or myself really know what is required to 'connect' to the database).
For example, is it just an IP I need? Do I have to change the setup of my database? I understand that localhost would not work from my colleagues computer's, for obvious reasons, I have no idea what would go in its place for others to access it.
I also do not mind having my machine run as the dedicated database machine... I would not be able to run it off a dedicated server or anything like that, beyond my machine.
Any help would be much appreciated!
Thanks.
First of all, what your colleagues need are:
The IP Address where MySQL server is
running.
User and Password to connect remotely
Have the port 3306 open on the network
A MySQL Client (mysql workbench, mysql query browser, toad, heidi or just the Command Line tool).
When you create user in MySQL the have to be something like this:
'root'#'localhost'
That means, the user will work if you connect from localhost with the user root. So you can create user allowed to connect from anywhere:
'juanperez'#'%'
And finally you have be careful about what privileges are you granting to them. Do not forget to comment a line in the options file of the MySQL that says "bind-address" (this options prevents remote connection).
For example, is it just an IP I need?
Yes. You'll be much happier if you set up proper domain names, but a domain name is just an alias for the IP address.
Do I have to change the setup of my database?
No, but... You have to add some user credentials to support remote logins. That's a change, but not a change to a schema. It's changes to the permissions.
I understand that localhost would not work from my colleagues computer's, for obvious reasons, I have no idea what would go in its place for others to access it.
What MySQL Admin tools are you using? Often there is good help there.
You must read reference manual 4.1 or 5.0
For whatever version is appropriate.
It's very clear.
A user is identified by a username#hostname. You can specify IP addresses (or even "%" for the hostname.
You will use following commandline to connect -
mysql -u<user-id> -p<password> -h<your-hostname-or-ipaddress>
For applications running on different machines trying to connect to your database, you only need to replace 'localhost' with your machine's hostname or ipaddress.
In, general if you are able to ping your machine from a different system, your database can be connected to from that machine, just use whatever name you used for 'pinging' in place of localhost.
Use your workstation IP address or workstation name. You will need to enable remote access. Go to this link for how:
http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
I need to connect to an SQL database to see how many records it is holding. I cannot access phpmyadmin and no one seems to know the host name or port. All I have is the username and database name.
How can I find the information I need?
If it's on the same computer that you are working on, then the hostname is localhost and the port is default (3306).
...or if you have terminal/console access to the machine the database is running on, run the command:
mysql -u<user> -p<password> -d<database>
to log on to the database.
Find someone, anyone, who can connect to the database you need to connect to.
Then you can examine their setup - and connect to the same place.
Otherwise, you're into port-scanning across the machines in your network. Beware of intrusion detection systems. Be clever about it. And scan your machine(s) first.
if it is on your network you can scan for the default SQL port that Mikhail has referred to.
We have a fairly simple M$ Access db, split into front-end (forms, reports, etc.) and back-end (tables). Currently looking for a way to get the tables with all the critical data off of one desktop and hopefully into a MySQL database on our web host, and be able to connect to it from multiple PCs (still probably only one or two people connecting to it at any give time), and eventually, hopefully, migrate to a web application when time allows. Many of the examples I've read about people connecting an Access db front-end to a MySQL back-end seem to imply that they are doing so on a LAN, probably behind a firewall, etc.
Is it at all safe to connect a M$ Access front-end to a MySQL backend when that mysql server is running on a remote web host? Does the ODBC connector take care of encryption?
TIA,
Monte
You could use putty to mount a ssh tunnel to your mysql server and redirect the remote mysql port to your machine.
Using putty is pretty straightforward:
Give it your mysql server dns name as the host and go to "Connection/SSH/Tunnels", there you define the local port to connect in the "Source Port" field (e.g. 3307).
In the the "Destination" field put the dns name of your mysql server followed by a colon and the port mysqld is running in (e.g. mysql.example.org:3306).
Save this as a profile then connect and the remote mysql port will be availbable locally on port 3307.
Just make sure you restrict the user because by default he will have an ssh shell on the server.
Setting up key authentication would also be practical because you won't have to enter a password to connect to the server (but be sure to protect your key on disk by encrypting it).
EDIT: It seems the mysql odbc connector support ssl, you could use that too but I'd personnally choose to use SSH anyway as you will have it already on your mysql server.