Differences between SQLite and MySQL - login and security - mysql

At first I searched in Stack Overflow about the difference between MySQL and SQLite. So there is some answers but still I want to know something. When accessing MySQL I need to give host, username, password and database parameters. But when accessing SQLite I just give database name. Can anyone explain me this why, and for security reasons also, should not be there password for SQLite database, can not be it just downloaded for example from server, so I am totally stuck. So need your help.

The difference is that MySQL is a database server, while SQLite is a database engine that works against single database files.
You are correct that the SQLite database file could just be downloaded if it's placed right in the web application where anyone can reach it.
Most server providers offer a folder where you can place files like this, so that the web application itself can reach it, but it's not directly downloadable.
You can also optionally add protection to the SQLite database file. See this question:
Password Protect a SQLite DB. Is it possible?

SQLite is mainly used for mobile and tablet apps.So they are just used for a single system.
But in MySql its a complete database and can be used from multiple system. So for increasing security ,we have to give all these. So that no one can misuse the data...

SQLite is just a file. If you have read access to the file that is the implicit security model (as well as the possibility to use database encryption).
MySQL is a network service. It can listen on an internet facing socket, meaning anyone in the world can access it if they have the right authentication credentials.

SQLite is file based, MySQL is a service which runs on the server. With SQLite you don't need to enter the database name, but actually the database file.
If you put the database file at an inaccessible location, you should be totally fine and the user will not be able to download the file.

Related

Is it possible to access/edit a remote SQLite3 database with Sequelize from a website

So I have an SQLite3 database with Sequelize on a VPS and a Website I hosted on Hostinger.
Is it possible to access and edit the data in the database from the website?
Any help is appreciated.
[my code is in nodejs]
Yes and No.
Easy and simple answer - now;
Longer - yes, but you would need to map the directories, so server running your sequelize will think it accesses normal directory.
You can download the database, edit it and then send it back. sqlite3 is file database, you dont really connect to it (usually)
SQLite is a database format based on a single file. It's simple but not massively performant. It has no networking features.
The SQLite client needs to have access to the filesystem that the database lives on.
If they are on different computers, then you could do it by using some kind of network filesystem (e.g. via fuse) but this would be really slow.
A better approach would be to run a webservice on the computer the file is stored on, and access the database through there.

Where can I find my mySQL database (using locate doesn't help)?

First ever Stack Overflow post, thanks for your time. Any constructive criticism on how to post better, please just let me know. I have done a search on my query and have found similar posts, but I was unable to use the information within them to resolve my problem.
I have created a mysql database using the terminal window in my Ubuntu system (which I am also new to, having been a lifelong windows user). I used the following code in the terminal window:
$ mysql -u root -p
Then once in mysql, I did the following
CREATE DATABASE securities_master;
USE securities_master;
I created a user and tables in the database using some other code, that doesn't seem relevant here, so I won't bother posting. However, I then decided I would like to take a look at the tables in the database, so I downloaded an SQLite browser. It was at this point that I realized I could not find my database file.
I tried to find the answer on previous stack overflow posts, and tried the suggestions of:
locate sqlite
locate .db
locate .sqlite
locate securities_master
But unfortunately, none of these showed the file I was looking for. The only place I can think of would be what is called the 'root' directory in my computer, but the Ubuntu file manager system won't let me view it because it says I don't have permissions. Is this where it might be?
Could someone shed some light on where I might be able to find this file/database? I know it is definitely there because if I try to CREATE it again, I get the message that it can't because it already exists.
Thanks again.
sqlite and mysql are two different databases. You can't use sqlite on a mysql database. sqlite is a single-file database, in which users just open the file and read and write to it, while mysql is a more traditional relational database system with a server and a client, where the server manages the database (which is generally in a directory of files), while the client just connects to the server.
Where the mysql database is located my depend on your system, but it's usually in /var/lib/mysql. You can look in /etc/mysql/my.cnf for the configuration file, which should have a datadir option that refers to where the actual data for the database is stored.
You can check my.ini file to see where the data folder is located.
Usually there is a folder {mysqlDirectory}/data
MySQL data storage:
Commands.frm
Commands.myd
Commands.myi
The *.frm files contain the table definitions. Your *.myi files are MyISAM index files. Your *.myd files contain the table data.
as mentioned in the answer before mine, mysql and sqlite are two different systems.
You mention you used the cmd line mysql to create the database and then wanted to view the tables. If you're simply trying to see which table are created, in the same command line you used to Create the database you can run show tables;
If you're after a GUI for this, we'd need a bit more context. Is this ubuntu system a remote server, or are you using the desktop version?
You say you're a long time windows user, If you're using windows locally, I personally like SQLWorkbench for accessing my remote mysql servers.
EDIT: I just re-read your post and realised you're using local ubuntu desktop so me mentioning remote was silly, my bad! However, SQLWorkbench does have a ubuntu version at https://dev.mysql.com/downloads/workbench/

MySQL database hosted online

So I have created a mysql database hosted at db4free.net, and am able to access it easily from the command line or from java. My concern however, is I can only access it using my own username, password credentials. I tried to create user, but it appears I cannot as I get Access Denied. I'm assuming I don't have privileges to create users from this hosted database.
Now I want to include access to this online database in my application, but I don't know how without having major security issues. The only apparent way for another user to connect would be to include my own username, password credentials for the database but that is very unsafe.
Any ideas on how I can provide database access to users safely ?
From the front door page of the service you're using:
What db4free.net is not
db4free.net is a testing service which means it is not suitable for
production. There can be outages, data loss and security features do
not meet the standards which you expect from a professional data
hosting provider. If you need a MySQL database for production use,
please do not use db4free.net!
This seems pretty clear to me. Don't do what you're hoping to do!
Plus, it's not a good idea security-wise to open up a MySQL server to the public internet without using secured connections. Even then it's questionable. Somebody who reverse-engineers your app can pwn your database.

How do I migrate a SQLAnywhere 9 db running in a remote server into a mysql server on my machine?

I am working at a company that has some CRM software running in a remote Windows XP server that uses a SQLAnywhere 9 db to store its data; I have access to this remote server with an administrator account.
I would like to extract the db into a .sql file so that I can run the db locally on my machine without affecting the running db in the server (since it is key for the company's day to day operation).
The reason I need this is that we are going to test some BI Software and we need data from this database to test it, but we don't know the structure of the database since the developers of the CRM software didn't give us any documentation on it. So we need to have the database locally so that, without affecting the running CRM, we can:
understand the structure by looking at the DDL
make queries to it to get sample data
I researched a bit, and the most common solution to my problem was to use dbunload on the remote server to unload the db into a reload.sql file that contained what I needed. But most tutorials on the subject mention that I have to stop the db first (which would be catastrophic). If this is the only option, then I guess I am willing to do it on the weekend when the CRM is not used, but I wanted to know if there was another solution first.
If there is no other solution, can you point me to where I can find the proper and safer way to do this?
I have researched a lot, but prior to this day I have never even heard of SQLAnywhere, so I really need all the help I can get. My main concern is doing something that impacts negatively the CRM software.
Thank you.
You can run dbunload across the network, you just have to tell it to do an "external" unload. The default is to do an internal unload which would only work from the machine where the database server is running.
I don't have SQL Anywhere 9 documentation right now to look up the exact switch, but dbunload -? should show you all the possible switches.
Edit:
-an will create a new database and load the data and schema from another data
-xi switch will do external unload and internal reload.
-c parameters to connect to your remote database

Gaining access to mysql given physical access to the machine

I own a machine running third party software. I input data into this software and it stores that data into its own mysql database. I'd like query the mysql database directly, but I don't know the credentials that the application is using.
I have read and write access for all files in the machine, including the files in the mysql data directory. Theoretically, I should be able to read the data directly from these files (.ibd and .frm files). But practically, I don't know where to start. I'm thinking that these data files are somewhat readable since encrypting them would destroy their index-ability.
Is this feasible? Or would I have to reverse engineer the data file format in order to read it?
Or even better - is there some config file that I can change which would implicitly trust all local connections similar to postgres?
You could read the mysql files directly, but even if they're now encrypted, the columns names might be weird and you could have to spend some time reading them.
Another point could be looking for config files from that software, that could have the login/password (very very low probability, but who knows?)
And the best would be:
make a backup of the mysql files
in another mysql instalation / computer (to not break your software), follow the reset mysql password guide
Try accessing it via the command line on the local machine:
shell> mysql db_name
(from MySQL documentation)
From here, you can create yourself an account if you need to connect from other client software.
Or have you already tried that?
If you have root access to the machine that MySQL is running on, then you can reset the MySQL root password by following the procedure at: http://www.cyberciti.biz/tips/recover-mysql-root-password.html. Once you've reset the root password, you can then login to MySQL as the root MySQL user, and access any of the databases, and query them. The only caveat to keep in mind is that changing the MySQL root password could potentially prevent your application from accessing the MySQL database, but that would be surprising as the application should be designed to connect to the database using a MySQL user account (with limited privileges) other than the root MySQL user.