SQL Component Connection issue in IDE - mysql

Good evening guys.
I'm currently trying to get started on development of a project to make my own life a little easier. Essentially, i want to connect to a MySQL database running on a remote server, and then go from there with a few various options for usage. The database in question is used for a Joomla! installation, and my focus will primarily be managing articles from a desktop application (as opposed to using the administrator backend on the website).
I've allowed my own host access to the remote servers (via the CPanel web interface used by my hosting provider), and ensured that LIBMYSQL.dll is inside the RAD Studio\9.0\bin folder and again inside my executables folder (so as to avoid any of the issues related to being unable to init. the driver). I've connected to the server successfully by using MySQL Workbench and can freely query the table. Now, onto the problem.
This is my first database application so please understand that a simplified or excessive explanation may be needed
I'm having issues setting some of the component properties at design time. I've got a TSQLConnection component, a TSQLDataSet component, and a TSQLTable component. I've set up the server properties in TSQLConnection to work with my server.
However, if i try to retrieve anything from the database inside the Delphi XE2 IDE (i.e. the login prompt appears) such as changing Active property to true, i get a Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (10061) error (where 'x' relates to part of my servers IP).
If i run the application itself though, and then click on the "connect" button i've got on the interface, it connects fine with no errors. I added ShowMessage routines to the AfterConnect, AfterDisconnect, and OnLogin events of TSQLConnection to verify it was actually going through, and all of them functioned as i'd expect when successful. As i've not coded for it to do anything outside of that (due to still learning the basics), there's no data visible on the interface for me to work with, but the connection at least appears to be there.
To clarify, i can connect from the application i developed (as well as from MySQL Workbench, but not from within the Delphi IDE itself.
So, where am i going wrong with this?
I'm guessing it's probably some oversight by myself due to my lack of knowledge on the subject of databases, but i'm very keen to expand out of the desktop environment and start working with some more areas of the IT world (without losing the development side of things that i enjoy so much).

As #SertacAkyuz pointed out in the original comments, it was indeed an issue related to my connection, specifically Firewall settings. I had assumed that "Connection Refused" was related to the connection attempt being made, but being actively refused by the remote server. The more you know.

Related

The partner transaction manager has disabled its support for remote/network transactions in MSharp

The main issue here makes it different from other available problems and solutions (here) is that, I am working with a previously working M# project and right now after upgrading to M# v4.8.334 (or maybe some other modifications regarding Visual Studio 2017 installation), if I want to add any new fields to any entity in MSharp IDE, it gives the following error
Base issue: The partner transaction manager has disabled its support
for remote/network transactions. (Exception from HRESULT: 0x8004D025)
One important point to note is that for newly created projects it is working correctly without this exception so my DTC settings and service are configured correctly.
Updated:
my main issue was my app SQL database connection string which I have changed it from default local instance in web app web.config , to remotely hosted production database and after changing back that connection string this issue gets resolved
it is useful to note that there is another database with .DesignTime suffix which is created beside your app .temp database and I searched for designTime in content of files in the project and did not found any trace of it, so it seems that you do not have much control over it and in design time maybe M# IDE is looking for it beside you db, beside the fact that DTC service must be running on remote server
for anyone looking for more correct DTC setting which is recommended by MSharp company note the following image

Duplicating existing cakephp app for development

I need to make a development version of a cakePHP app with its own db so that a developer can work on it without disturbing the current users.
I thought it would be simple, I just copied the entire director /project to /project_dev and then copied the DB "project_db" to "project_db_dev". Then I went into /project_dev/config/database.php and changed the db to "project_db_dev".
When I went to see what I had done, I saw the app was still connecting to the same db, as if I'd changed nothing. I realized that the original folder name was referenced in /app/webroot/.htaccess so do I need to find/replace all instances of that folder name?
What steps should I follow to duplicate an existing cakePHP app?
You need to setup some kind of development lifecycle.
Generally speaking the developer shouldn't be doing any development on the server. The best way to handle it is locally using a stack of some kind such as Lamp (Linux, Apache, Mysql, PHP) switch out linux with other OS's. There are multiple cloud solution to these environments to such as Koding.com
Using something like Git for version control the developer can develop locally then push the code through to the server after is being thoroughly tested locally or on a dev server or some kind.
Keeping Dev work and Live work away from each other is key.
Could do with a bit more information.
If both databases are hosted on the same server and you have permission to access them both with the same user then all you have to do is change the name of the database in your database.php
If not you will also have to update the IP and any other additional settings port etc.
If you are still having troubles email me simpsond1988#gmail.com

Intermittent MySQL Connection Error in Azure Website

I'm getting the following error intermittently when making a call from my ASP.Net MVC web application which is using Dapper to query MySQL.
Unable to connect to any of the specified MySQL hosts.
The exception only occurs when my web app is published to Azure. It has worked 100% of the time when I run the code locally. I've deployed the code to a second azure website, and also get the exception there, again intermittently.
The MySQL database is running on an Azure VM (Ubuntu). This server also has some R scripts that access the database, which are being run at a set interval. I've had no connectivity issue with these either. It is just the .Net code that's struggling.
I've scoured the web, but don't feel like I've turned up anything of value. Most of the links have pointed to a connection string problem, but since it works intermittently that doesn't seem to fit my problem. Some links have referenced DNS issues, but I'm getting the same problem when I use the IP Address instead of the machine name for the DNS server.
I'm sure I need to track down more information, but I'm not sure where it would be. This is my first foray into using a MySQL db in this fashion, and I'm not familiar with config options or log files on that side of things. I feel similarly about Azure websites with database interactions too.
What can I try next?
Just to drive home the point about this error being intermittent, here's a screenshot from the Runscope job that's hitting the page (thus triggering the MySQL query) every 5 minutes:
I was able to fix (or perhaps "circumvent") this problem by adding the --skip-host-cache flag to our mysql configuration file. I still don't fully understand what the root of the problem is, but we haven't had any issues with MySQL connectivity from the Azure website since adding that.

MySql Database Hacked, NOT injections

Three weeks ago, I found a list of my website's users and info on Paste Bin giving away all privacy. I ran updates and protected against SQL Injections. I also added a pre-request to save the SQL in text format in a LOG table whenever user input is required to be able to analyse any injection if my protection wasn't enough.
Then today the same post was on Paste Bin again with recent entries so I checked the LOG table to find only clean entries. Is there anything else than injections I should worry about? The web seems to give info about Injections only!
Could they have had access to the dbpassword in a php file on the server and could they have connected from and external server?
Should I change the dbpassword frequently?
Are there any solution non-script wise like hosting security plan or something like that which should be efficient enough?
I am receiving physical threats from hacked users and would really like to close this quickly...
If you're implementing your own protection against user input, you're probably doing it wrong. Most standard database libraries will give you a way of passing in parameters to queries where it will be sanitised properly, and these will have been coded with more things in mind than you're probably aware of. Reinventing the wheel in anything security-related is a bad idea!
Other things to worry about:
Password policy (strong passwords)
Access to your database server (is it firewalled?)
SSH access to your server (again, firewalled?)
Keeping all of your software up-to-date
Just to add to the other answers that you've had so far. If someone is posting the contents of your database online then you need to assume that the server(s) running the application and database have been compromised, as once they've gained initial access, it's likely that they'll have placed root-kits or similar tools onto the server to keep access to it.
As to how they got in there's a number of potential options, depending on the architecture of your solution, and it's imposssible to say which is the case without more details. Some of the more likely options options would be
SSH passwords
Administrative web apps (e.g. PHPMyAdmin) with common passwords or vulnerabilities
Access via hosting service (e.g. weak passwords on administrative login panels)
If the site is PHP based Remote File Inclusion issues are a distinct possibility
If you can I'd recommend engaging a forensics or incident response company to help you recover the data and rebuild, but failing that I'd recommend getting a backup from before the compromise and using that to rebuild the server, then ensure that all software is updated and patched and passwords are not the same as the compromised system, before bringing it online.
The best protection for this is to allow connections to the mysql database only from the machine where your application runs.
First of all, make sure, network access to the MySQL database is "need to know" - in most cases this is a simplye bind-address 127.0.0.1.
Next change the DB password, just because yes, you can (C)
Now think of this: If somebody got your DB passwd from your PHP files, you already are in deep s***t: Nothing stops him or her from just repeating that stunt! You need to audit your application for backdoors (after the fact problem) and how the guys got in there (before the fact problem). Check your apache logs for requests with unusual GET parameters - a filename in there mostly is a dead givaway.
I agree with Razvan. Also if you're running any CMS or prepackaged web pages, make sure they're the latest version. They most likely access as localhost from the web server. Hackers follow the change logs of those and every time a security patch is released, they attack published vulnerabilities on servers running the older version. It's often performed in bulk by crawlers. Odds are they have a database with your server listed as running old versions of things.
First you need to ensure that this "php file" containing the DB password(s) is not within the web root directory, otherwise they could simply access it like: http://mydomain.com/dbpassword.php.
Second, immediately change the passwords used to access your database.
Third, ensure that mysql will only accept connections from 'localhost', vs allowing connections from anywhere; '%'. And if it is a dedicated server, then you should "harden" the box and add an IP rule to IPTables where mysql access is only allowed from the server's IP. These changes would ensure that if they did get your db username/password creds, they can not access the database from a remote computer, instead they would have to exploit your application, or ssh into your server to gain access to your database.
Next, you should disable all user accounts to your site, and force them to update their passwords using a closed loop verification process. This will ensure no ongoing malicious activity is occurring with your users or their accounts.
These are just a few steps to take, there are others such as tracking local users login activity. It is possible that one of your system's user accounts has been compromised (rooted). The point is, you need to consider all points of access to your system and services therein, if you are unable to do it, it may be time to hire or contract a seasoned sysadmin to help you.
If this is shared web hosting, and another user is logged in with shell access and is able to guess the path to your web root, and the password configuration (PHP or other script) file is world readable, then the user can read it.
This is one of the most common vulnerabilities and is very easy to exploit.
If this is the case:
To correct the issue, you need to move the configuration file out of your web root folder and/or change the permissions on it so that it's not world readable, and then change your database password.
Most likely, the user would not be able to inject anything into your application.
Changing the database server so that it's only accessible locally or to your web server would do no good, since the malicious user would be on the same web server and still be able to access it.
If you did not see any malicious queries, then they are probably accessing your db via the MySQL command line (or PHPMyAdmin or other tool), and not through your application.
Enabling the general query log would allow you to see all queries in plain text in the log, but if this is shared web (and MySQL server) hosting, you probably won't be able to enable this.
This is something you may wish to report to your web host. They may be able to find the attacker and suspend their account or provide you with evidence.

How to access phpMyAdmin on remote server

For my websites I use Dreamhost. Dreamhost requires you to create a hostname (ex: mysql.mclindigital.com) that the database will reside on. For me it's simple, if I want to access phpMyAdmin, I simply navigate to mysql.mclindigital.com, and it enters into phpMyAdmin automatically.
Apparently Dreamhost is in the minority using this method, because most people seem to use "localhost". So, how do I access phpMyAdmin for these websites? Will I need to get their Web Panel login info to browse around for this info?
As an example, I had a past client and I had to go here: http://216.120.237.104:2082/3rdparty/phpMyAdmin/index.php to get into their phpMyAdmin. I never really understood what I was doing, but it just worked. Now I am in the same situation, but this time the client isn't as tech-savvy and is unable to give me the URL I need to go to.
Also, I should point out I am not 100% certain that they have phpMyAdmin installed. I do know they have a database however, because they are running a Wordpress Blog.
There is nothing magic or special about phpMyAdmin. It is just
a bunch of php scripts.
Some webhosts(Such as dreamhost) may install it as standard
similary to formmail and a bunch of other tools they may install.
Your problem is most likely that you client don't have
phpMyAdmin installed, and the easy solution(If you have ftp access)
is to go to http://www.phpmyadmin.net/home_page/index.php download
phpMyAdmin, configure it and then just upload it to their ftp server
your self. Then you can acces it similary to any other php script.