Rails encrypt mysql - mysql

I need to do encryption / decryption via sql (mysql) in rails. The reason i need this is because i need to do this with thinking sphinx, which talks to my database in sql. What kind of tools do i need, and how do i use them (like what documentation is there, especially for use with rails, if it is not as simple as a gem) for what is out there.
Thanks for any help i get. (im on rails 3 if it helps)

as others have already asked, i am not sure what you are trying to achieve.
I used encryption(loosely used) if someone who you suspect might be accessing info or databases they are not supposed to view. If it helps, you could grant privileges to users to access specific databases within mysql.
Normally if your mysql is a new install you can login to it by doing this:
mysql -u root -p
and then press enter without typing a password then it logs you into mysql
mysql>
Lets assume we have a database called "chicken_farm_development" and we want to grant access to the user "farmer_brown"
Then we could grant privileges to "famer_brown" to only access "chicken_farm_development" database and nothing else in mysql(so farmer_brown cannot access "joes_pizza_development" database). We do this in mysql:
mysql> GRANT ALL PRIVILEGES ON chicken_farm_development.*
-> TO 'farmer_brown'#'localhost'
-> IDENTIFIED BY 'mysecretpassword';
To check that this works:
mysql> SHOW GRANTS FOR 'farmer_brown'#'localhost';
and it should display the grants for farmer_brown.
So how can you use this?
Not really sure how thinking sphinx is setup, but you could grant access for thinking sphinx to use a specific database, without affecting any other databases you might have, and can be extrapolated to production environments.
to login to mysql as farmer_brown, you would do this:
$ mysql -u farmer_brown -p chicken_farm_development
Enter password:
and whooohooo!, farmer brown now only has access to chicken_cms_developement database. In summary you can grant access to specific databases. Hope this helps a little as it was a bit unclear as to what you were asking.

Related

How to create a MySQL installation setup script?

I have an application that stores its data in an MySQL database. The application is using a specific DB account with full access, the indivdual user rights are maintained on application level. Apart from root there is no other user with access to that database.
In order to install the application on a computer I need an sql script that creates the database, the application user, all tables without data, views, triggers, stored procedures, etc.
mysqldump --no-data --routines --add-drop-database --databases dbname > sqlfile will do almost all these things but I could not find any option to include the creation of the user having access to that database. Any hints?
The reason that mysqldump doesn't dump user information is because that is stored in a different database name mysql rather than in the database for your applicaation.
You cannot add this information manually to the generated sql dump either. You have two options. Create a shell script or create a separate sql file that contains user creation information. In either case your file will include statements like
GRANT ALL ON appdb.* TO 'pb_skat'#'localhost';
http://dev.mysql.com/doc/refman/5.7/en/grant.html
Before introducing the application dump to your database.
First list down the users which all are available with you:
SELECT User, Host, Password FROM mysql.user;
Check if that user has permissions using "show grants" command to perform the operation, else provide the permissions to do so.
GRANT ALL PRIVILEGES ON . TO 'root'#'localhost' WITH GRANT OPTION
Create the database name where you want to introduce the dump.

MYSQL Password Encryption with BCrypt

I'm automating the process of creating WordPress sites with a custom shell script.
Is it possible to encrypt MYSQL passwords with BCrypt for WordPress? If so, what's the best way to approach this?
Snippet:
#!/bin/bash
execute="
CREATE DATABASE IF NOT EXISTS $dbName;
GRANT SELECT, INSERT, UPDATE, DELETE
ON $dbName.*
TO '$dbUser'#'localhost' IDENTIFIED BY '$dbPass';
FLUSH PRIVILEGES;
"
mysql -uroot -p --show-warnings -e "$execute"
With Ruby, I can encrypt it like so:
encryptedPass="$(ruby -e "require'bcrypt';puts BCrypt::Password.create('$dbPass')")"
Write your own WordPress plugin to convert the hashes using BCrypt.
Also, if you plan to go this route, make sure to audit your code thoroughly. I've included two links that have helped me get started down the path and I'm hoping they might help anyone else who's interested in hardening their setup.
http://www.ethicalhack3r.co.uk/greping-for-bugs-in-php/
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

logging into sql

I am a student learning sql and working an assignment to set up a database in mySQL 5.5 community version. The command I am given does not work as detailed. Here is what I have done so far:
This is the command that I am told to use after setting up mySQL 5.5.
mysql –h localhost –u root -p
This brings back a long screen of help commands. I found out that instead I need to use:
mysql -u root -p. Then I get my password prompt that works. That starts sql. Next I was given these statements to create a user named user1.
USE mysql;
create user ‘user1’#’localhost’ identified by ‘user1’;
grant select, insert, update, delete, create, drop, references, execute on *.* to ‘user1’#’localhost’;
exit
I entered these line by line and they seem to work. No errors are returned. However when I try to start the user with the following commands:
Login as user1
mysql –h localhost –u user1 –p
password is user1
I get a long list of help commands when i exexute the mysql line.
What is incorrect with the commands I have executed and also why? I initially think it may be that these commands were written for an earlier version? I was initially told to reinstall mysql and did that with no errors. I get the same results as before reinstalling it. If I need to explain or add screenshots, I will be glad to do so.
http://dev.mysql.com/doc/refman/5.0/en/connecting.html
mysql -h localhost -u user1 -ppassword database_name_here
Your other option:
mysql -h localhost -u user1 -p database_name_here
But for the second one you will have to type the password.
Sorry for not answering you question specifically, but I recommend you to get an interface to mySQL which makes it all a bit easier. In my case I still use the terminal to perform some queries once in a while, but for user management and to get a better presentation I use phpMyAdmin which makes the whole process much more neat. Good luck!

MySQL error 1449: The user specified as a definer does not exist

When I run the following query I get an error:
SELECT
`a`.`sl_id` AS `sl_id`,
`a`.`quote_id` AS `quote_id`,
`a`.`sl_date` AS `sl_date`,
`a`.`sl_type` AS `sl_type`,
`a`.`sl_status` AS `sl_status`,
`b`.`client_id` AS `client_id`,
`b`.`business` AS `business`,
`b`.`affaire_type` AS `affaire_type`,
`b`.`quotation_date` AS `quotation_date`,
`b`.`total_sale_price_with_tax` AS `total_sale_price_with_tax`,
`b`.`STATUS` AS `status`,
`b`.`customer_name` AS `customer_name`
FROM `tbl_supplier_list` `a`
LEFT JOIN `view_quotes` `b`
ON (`b`.`quote_id` = `a`.`quote_id`)
LIMIT 0, 30
The error message is:
#1449 - The user specified as a definer ('web2vi'#'%') does not exist
Why am I getting that error? How do I fix it?
This commonly occurs when exporting views/triggers/procedures from one database or server to another as the user that created that object no longer exists.
You have two options:
1. Change the DEFINER
This is possibly easiest to do when initially importing your database objects, by removing any DEFINER statements from the dump.
Changing the definer later is a more little tricky:
How to change the definer for views
Run this SQL to generate the necessary ALTER statements
SELECT CONCAT("ALTER DEFINER=`youruser`#`host` VIEW ",
table_name, " AS ", view_definition, ";")
FROM information_schema.views
WHERE table_schema='your-database-name';
Copy and run the ALTER statements
How to change the definer for stored procedures
Example:
UPDATE `mysql`.`proc` p SET definer = 'user#%' WHERE definer='root#%'
Be careful, because this will change all the definers for all databases.
2. Create the missing user
If you've found following error while using MySQL database:
The user specified as a definer ('someuser'#'%') does not exist`
Then you can solve
it by using following :
GRANT ALL ON *.* TO 'someuser'#'%' IDENTIFIED BY 'complex-password';
FLUSH PRIVILEGES;
From http://www.lynnnayko.com/2010/07/mysql-user-specified-as-definer-root.html
This worked like a charm - you only have to change someuser to the name of the missing user. On a local dev server, you might typically just use root.
Also consider whether you actually need to grant the user ALL permissions or whether they could do with less.
The user who originally created the SQL view or procedure has been deleted. If you recreate that user, it should address your error.
Follow these steps:
Go to PHPMyAdmin
Select Your Database
Select your table
On the top menu Click on 'Triggers'
Click on 'Edit' to edit trigger
Change definer from [user#localhost] to root#localhost
Hope it helps
I got the same error after updating mysql.
The error has been fixed after this command:
mysql_upgrade -u root
mysql_upgrade should be executed each time you upgrade MySQL. It
checks all tables in all databases for incompatibilities with the
current version of MySQL Server. If a table is found to have a
possible incompatibility, it is checked. If any problems are found,
the table is repaired. mysql_upgrade also upgrades the system tables
so that you can take advantage of new privileges or capabilities that
might have been added.
Create the deleted user like this :
mysql> create user 'web2vi';
or
mysql> create user 'web2vi'#'%';
If the user exists, then:
mysql> flush privileges;
Solution is just a single line query as below :
grant all on *.* to 'ROOT'#'%' identified by 'PASSWORD' with grant option;
Replace ROOT with your mysql user name.
Replace PASSWORD with your mysql password.
Fixed by running this following comments.
grant all on *.* to 'web2vi'#'%' identified by 'root' with grant option;
FLUSH PRIVILEGES;
if you are getting some_other instead of web2vi then you have to change the name accordingly.
For future googlers: I got a similar message trying to update a table in a database that contained no views. After some digging, it turned out I had imported triggers on that table, and those were the things defined by the non-existant user. Dropping the triggers solved the problem.
quick fix to work around and dump the file:
mysqldump --single-transaction -u root -p xyz_live_db > xyz_live_db_bkup110116.sql
grant all on *.* to 'username'#'%' identified by 'password' with grant option;
example:
grant all on *.* to 'web2vi'#'%' identified by 'password' with grant option;
I had the same problem with root user ans it worked for me when I replaced
root#%
by
root#localhost
So, if the user 'web2vi' is allowed to connect from 'localhost', you can try:
web2vi#localhost
I'm connected remotely to the database.
The user 'web2vi' does not exist on your mysql server.
See http://dev.mysql.com/doc/refman/5.1/en/error-messages-server.html#error_er_no_such_user
If that user does exist, check what servers it can access from, although I would have thought that would be a different error (EG you might have web2vi#localhost, but you are accessing the db as web2vi#% (At anything)
This happened to me after moving the DB from one server to another server. Initially, the definer was using localhost and the user. On the new server we don't have that user, and host had also been changed. I took a back up of that particular table and removed all the triggers manually from phpmyadmin. After that it has been working fine for me.
Why am I getting that error? How do I fix it?
I spent a hour before found a decision for a problem like this. But, in my case, I ran this:
mysql> UPDATE `users` SET `somefield` = 1 WHERE `user_id` = 2;
ERROR 1449 (HY000): The user specified as a definer ('root'#'%') does not exist
If you really want to find the problem, just run this commands one by one:
SHOW PROCEDURE STATUS;
SHOW FUNCTION STATUS;
SHOW TRIGGERS;
SHOW FULL TABLES IN database_name WHERE TABLE_TYPE LIKE 'VIEW';
...and, after each of them, look for the field 'definer'.
In my case it was bearded old trigger, that somebody of developers forgot to delete.
My 5 cents.
I had same error while I tried to select from a view.
However problem appears to be that this view, selected from another view that was restored from backup from different server.
and in fact, YES, user was invalid, but was not obvious where to from the first look.
I had your very same problem minutes ago, I ran into this issue after deleting an unused user from mysql.user table, but doing an alter view fixed it, here is a handy command that makes it very simple:
SELECT CONCAT("ALTER DEFINER=`youruser`#`host` VIEW ",
table_name," AS ", view_definition,";") FROM
information_schema.views WHERE table_schema='databasename'
Mix this with the mysql command line (assuming *nix, not familiar with windows):
> echo above_query | mysql -uuser -p > alterView.sql
> mysql -uuser -ppass databasename < alterView.sql
Note: the command generates and extra SELECT CONCAT on the file, making mysql -uuser -ppass databasename < alterView.sql fail if you don't remove it.
Source: https://dba.stackexchange.com/questions/4129/modify-definer-on-many-views
Try to set your procedure as
SECURITY INVOKER
Mysql default sets procedures security as "DEFINER" (CREATOR OF).. you must set the security to the "invoker".
From MySQL reference of CREATE VIEW:
The DEFINER and SQL SECURITY clauses specify the security context to be used when checking access privileges at view invocation time.
This user must exist and is always better to use 'localhost' as hostname. So I think that if you check that the user exists and change it to 'localhost' on create view you won't have this error.
Your view, "view_quotes" may have been copied from a different database where "web2vi" is a valid user into a database where "web2vi" is not a valid user.
Either add the "web2vi" user to the database or alter the view (normally removing the DEFINER='web2vi'#'%' part and executing the script will do the trick)
In my case, the table had a trigger with a DEFINER user that didn't exist.
You can change the definer for a specific database to an existing user:
UPDATE mysql.proc SET definer = 'existing_user#localhost' WHERE db = 'database_name';
The problem is clear - MySQL cannot find user specified as the definer.
I encountered this problem after synchronizing database model from development server, applying it to localhost, making changes to the model and then reapplying it to localhost. Apparently there was a view (I modified) defined and so I couldn't update my local version.
How to fix (easily):
Note: it involves deleting so it works just fine for views but make sure you have data backed-up if you try this on tables.
Login to database as root (or whatever has enough power to make changes).
Delete view, table or whatever you are having trouble with.
Synchronize your new model - it will not complain about something that does not exist now. You may want to remove SQL SECURITY DEFINER part from the item definition you had problems with.
P.S. This is neither a proper nor best-all-around fix. I just posted it as a possible (and very simple) solution.
You can try this:
$ mysql -u root -p
> grant all privileges on *.* to `root`#`%` identified by 'password';
> flush privileges;
For me, removing the '' from the DEFINER did the trick.
DEFINER = user#localhost
Go into the edit routine section and and at the bottom, change Security Type from Definer to Invoker.
One or several of your views where created/registered by another user. You'll have to check the owner of the view and:
Recreate the user; as the other answers say.
or
Recreate the views that where created by the user 'web2vi' using ALTER VIEW
I had this problem once.
I was trying to migrate views, from BD1 to BD2, using SQLYog. SQLYog recreated the views in the other DataBase (DB2), but it kept the user of BD1 (they where different). Later I realized that the views I was using in my query were having the same error as you, even when I wasn't creating any view.
Hope this help.
If this is a stored procedure, you can do:
UPDATE `mysql`.`proc` SET definer = 'YournewDefiner' WHERE definer='OldDefinerShownBefore'
But this is not advised.
For me, better solution is to create the definer:
create user 'myuser' identified by 'mypass';
grant all on `mytable`.* to 'myuser' identified by 'mypass';
when mysql.proc is empty, but system always notice "user#192.168.%" for table_name no exist,you just root in mysql command line and type:
CHECK TABLE `database`.`table_name` QUICK FAST MEDIUM CHANGED;
flush privileges;
over!
in my case I had a trigger on that table that I could not update data getting the same error.
MySQL error 1449: The user specified as a definer does not exist
the solution was to delete the triggers on that table and recreate them again, this fixed the issue, since the the trigger was made with another user from another server, and the user name changed on the new server after changing hosting company . that's my 2 cents

How to create a MySQL user without password - needed for remote login - to be used in bash insert script?

My requirement is to create a user for remote login but without a password. At my remote space I use a bash script to do inserts, which is something like:
for i in {1..5000}; do
mysql -h 11.40.3.169 -uUser -pPass -DDatabaseName <<<
"insert into DatabaseTableName values('$i','dummy_$i');" &
echo -n "$i "
sleep 1
date
done
The problem is that each insert is taking almost 4 seconds, and I can not pinpoint the problem to anything but authentication at every insert. So, if I could create a user in MySQL with minimal authentication involved...Something like:
# I'm trying to remove this password
GRANT ALL PRIVILEGES TO 'user'#'%' IDENTIFIED BY 'password';
...Anything you can suggest.
Just remove the IDENTIFIED BY part:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'%'
Note that remote login from anywhere without a password is a very insecure thing. You better limit the allowed IP range for this user:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'allowed_remote_machine'
You can do this by creating a user with a password and then placing a .my.cnf file in the home directory of the account which runs the bash script containing the following:
[mysql]
user=user
password=pass
[mysqladmin]
user=user
password=pass
This might be better than creating a user with no password.
I think your problem lies in the fact that you are starting the mysql client for each insert. You should be doing your inserts from a php, java, etc program - not from a shell script.
The startup time of the client (and connection to the host) is killing you. I routinely do 1000s of inserts per minute from a php or java program to a MySQL database with millions of records on a small (CPU/memory) machine.
It's not so good idea to have a user without password and all privileges. I suggest you to create a user without password but just with some privileges (insert to specific table or specific database).
First off, using a client cnf file on the remote machine running the script wont speed this up. MySQL client is still sending logon information and logging in for each insert, it's just reading.a file for uid/pw instead of using cmd line arguments. AFAIK The network and authentication overhead are identical. Even the network packet contents will be the same.
You should still use a cnf file..
The way to.improve performance is to do multi-line linserts:
MySQL --defaults-file=/some/uid/pw/etc/.client.cnf -e \
"Insert into
tbl_name
('fld1','fld2')
values
('r1-fld1','r1-fld2'),
('r2-fld2','r2-fld2'),
...and so on (up to max_allowed_packet_size)
('r500-fld2','r500-fld2');"
Or READ DATA INFILE on server side after shipping over the data file