I was wondering if it was possible to have 1 database, but multiple logins (so that when a developer leaves, we don't have to change the entire db password and all instances of it).
If that's possible, how would I do it? (I have NO experience with phpmyadmin aside from code related queries, I'm doing research for a friend who would be able to implement it)
Thanks in advanced!
phpMyAdmin has a simple way of creating new SQL users. From the home screen, click on the database in the left column for which you want to add a new user. Click on the Privileges tab. At the bottom, there is a command labeled, "Add new user"; click that. Type in the username and password that you want to assign to the account. To restrict the user to that database, select "Grant all privileges on database."
Note: I'm using phpMyAdmin 3.4.7.1.
Yes that is possible. If you are using localhost, just login and create a new user and give the privileges for the database.
http://wiki.phpmyadmin.net/pma/user_management#Creating_a_new_user
If you are hosted server on Linux, there is an option to create new users and and assign to the databases with different privileges.
Yes, it's quite simple. PhpMyAdmin validates logins against MySQL's user permissions list. Simply create multiple MySQL users with full privileges on the DB in question and give each admin their own user.
It's easy to set this up from directly inside PhpMyAdmin. Just log in as a high-privilege user and click the "Privileges" tab. Then "Add New User" and specify the username, the host (generally localhost), a password and then create the user (with no privileges checked). Once the user is created, go back to the user list on the Privileges tab and click the edit button next to your new user. Then, under "Database-specific privileges", select the database you'd like to grant privileges... then just select all the rights you want to give this user and click "Go". This new MySQL user and password can now be issued to an admin so he/she can log into PhpMyAdmin, and it revoked at any time in the future.
Related
I reinstalled Mysql multiple times but when I try to create a user for example "Test" I get this error
The root user logins fine though.
I found it.
I logged in as root user and then on the left pane under "Navigator" there is "Users and privileges". Select that and then click "Add account". Fill in the details and then come back to home page of the mysql workbench. There you create a new connection and name it whatever you like and then use the username and password you used while adding the account.
I am using MySQL workbench 6.2.3. I want limit user access to an individual database.When one trying to open a database after getting in a connection, he/she should enter user name and password. Is there any provision to grant access to a database after entering valid username and password?
There's no way to require an additional password for a user once he logged in. Control access via the normal MySQL login. The user name used for that can be configured to have only access to the objects you want. The used user name decides what is allowed and what is not.
For commercial MySQL editions you can also use the new MySQL Firewall, which allows only a set of previously learned queries to be run by a given user. It's not a second login, but you can fine tune access levels for a given user.
I am not sure if this is what you are trying to achieve but you can do the following to grant a user the access to a single database and all its tables.
You login as root with "mysql -u root"
Then execute : GRANT ALL PRIVILEGES ON SpecificUserDB.* To 'TheUser'#'yourserver' IDENTIFIED BY 'secretpwd';
Hope this helps.
Good Day
I am a front-end developer, and I know little from MySQL and databases.
I have a Wordpress MySQL database in CPanel. Now I forgot my password, and the password for my user as seen in phpmyadmin is hashed/encrypted.
How do I get the password?
NOTE: I do not have access to the Server since this is a website on a shared hosting account, so doing the following is not possible for me:
See this post on Stack
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
If your website is working you can probably find the mysql user/password
in the config.php file in your wordpress filesystem.
Otherwise:
Your best option is probably to add a user to the database and give it the needed privileges, to do that:
Click MySQL databases.
Create new user.
Assign new user to your database.
Edit config.php on your wordpress filesystem and change to the new username.
This is sub optimal, but will work.
There is a simple way for you to gain access to your WordPress user info if you don't know the password. I'm assuming you are talking about a WordPress user password retrieval. You need to have access and edit privileges to your database to do this.
-Open up phpMyAdmin or however you prefer to access database tables
-Select your database
-Open the table wp_users
-Under the column 'user_login' you will need to find which entry you want to access. Your username should be in one of the row entries.
-Once found, there will be a 'user_pass' column as well. Now some explaining needs to happen. You cannot retrieve your password without hacking/brute forcing that encryption. These are MD5 hash encrypted passwords. What we are going to do is just simply create a new password here. All you have to do is Google "MD5 Hash generator". I tested this on the first result I found and it worked.
-Once you find a website with a generator just simply type in your password and then retrieve the hash that's given to you. For example I typed in 'password' and I receive '5f4dcc3b5aa765d61d8327deb882cf99' Now we have a new encrypted password to set. If you are worried about sites saving your password entries or hashes just make up a password as a temporary fix. Then you can just login with that and change the password via the WordPress Dashboard later.
-Select the row that your username is in. Click Change/Edit then just copy and paste the entire MD5 Hash into the wp_pass column.(Overwrite the old password btw.) Save/Go/Execute to make sure the table was re-written. In this example I would be pasting '5f4dcc3b5aa765d61d8327deb882cf99' into the column without quotes of course.
-Please be sure to only change the 'wp_pass' entry and to make sure it's corresponding to the correct username.(On the same row)
-Now you should be able to login with your new password.('password')
I want to give permission to a user to access my database using work bench "users and privilege" option. Now i was create a account, I want to give read only permission to this account user. But i confused to give privilege to this user.Please help me...
Read only using the MySQL Client right? Select a user under "users and privilege" and click the tab "schema privileges". Click "add entry", pick a host and schema. Then al you have to do is check the "select" privilege. This user has read only rights now.
Say you created a blog application, and it's data is stored in a MySQL database. In your application configuration you set the data source name to myBlog user root password whatever
Now, when users start using your blog to access, post to, and comment on threads, etc... I am assuming they connect as root through the application myblog ...
So... users connect to the application myBlog who in turn connects to MySQL as user root , using password whatever --- it's not really the users that are connecting to MySQL, it's the application. Correct?
Is there not a security issue with this approach? Should I create a new username in MySQL for the application myBlog with specific privileges and leave root only for administering the database?
yes, the application connects to the db. you should create a new mysql user for your application, do something like
CREATE DATABASE myblog_env;
CREATE USER 'myblogenv-user'#'%' IDENTIFIED BY 'your pw';
GRANT ALL PRIVILEGES ON myblog_env.* TO 'myblogenv-user'#'%' WITH GRANT OPTION;
something like the above should do it. The 'env' part of the above is for if you want to create a new db for difference environments, like dev, stage, prod, whatever....
this way your application user has complete access to its db, but no other dbs in the mysql instance.
First of all, you should NEVER use the root account of a mysql database for anything else then admin work.
Second of all, in theory yes the user of your blog would be the "root" in your mysql database, but hopefully there is a lot of sanatizing and cleaning up in your blogs code before any queries are executed...anything else would be know as an "sql inject"
You are exactly right. This is called the principle of least privilege. You should give the application the minimum access rights that it needs to complete the job. This would not be root.
The short answer is: Yes.
Long answer:
Security: You should have a different user for your application than you do for yourself as the administator. That application user should only have read (and write if necessary) privileges on the specific database it needs to access. Also, it should not have privilege-granting privileges, nor drop table privileges, nor database creation/dropping privileges, nor anything else that is reserved for you.
Convenience: If you ever need to change your password, you don't want to have to change your application, and vice versa.