I'm using phpmyadmin/wampserver. Is it possible to add a password on a database?Because my problem is I cannot access the whole thing(http://localhost/phpmyadmin) in my web browser if I put a password on it.
instead of doing that, i suggest you put a password to the mysql account you are using in connecting to mysql thru phpmyadmin. then, edit the field relating to the 'password' of the mysql account you are using in the config file of you phpmyadmin app... just a thought!
what do you need the password for? you can create 2 users of the db - one for select/view only privs and another for full privs
Related
Hey I've coded a Program with Login that connects to my MySql Database.
Since everyone has to Login before using it they have to connect to the Database in order to proof if the Login Details are correct.
To allow that connection I have store the Username and Password for that Database inside the Program:
datasource=myip;port=myport;username=username;password=password;database=database
I guess it wouldn't be hard at all for any hacker to find this username and password so is it possible to hide the login details somehow? I were able to crypt and decrypt it but I don't think that it would be too hard to even crack that.
How do others do it or is there a other way to connect to your database without the username and password in ur code?
As Baseult indicates in the comments, the only way to stop someone breaking into your database is not give it to them in the first place - you keep the DB on your server, and other people access it by sending calls to a web service. Doesn't have to be RESTful
I can't add comments but why not use a generic login to connect to the database and restrict it with user names/passwords/hashes for the application via a user table in your database?
I have a request from a customer and I am quite sure the answer is no, but wondering if someone has a different answer.
Background
As you know MySQL installation create a database called "mysql" where it stores the databases we create and also the users.
In the user table, there is a field called "authentication_string" where the user password is saved.
Project
On this project each time a customer creates an account a new database user and database is created.
When a customer logs in through a web interface, the system calls an API to authenticate him/her. After that the root db user is used to connect to customer database, not their own database credentials, why? because they do not want to save user and password on database (this is a temp solution)
They want to change the application so after authentication/authorization process and they would somehow only needed root credentials to somehow get user and password from "mysql db" and then use them to create the connection using customer db credentials.
Is this possible? Or is there some mysql parent - children configuration where this scenario is possible?
Project uses MySQL 5.7
From what I can understand I think you could just use MySQL’s SET PASSWORD to set some random strong password for the user and then login using that. This way you would not store anything and it would still be pretty secure assuming your root db access is fairly isolated from the thing that’s trying to login as the user.
For example:
SET PASSWORD FOR some_user = <long-strong-randomly-generated-password-string>
Afterwards you return this <long-strong-randomly-generated-password-string> from your access-providing process and then the user process can login using that. In this case it would stay valid until the next SET PASSWORD, so keep that in mind, but depending on your use-case that might be ok.
I Am working on installation of an application which uses MySql 5.6 Database and Tomcat as web server. After successful installation, there were two users found(admin & ascuser) by default. At first, i login(to GUI) with admin user and given (pre-defined) password. Then prompted to change admin password which went good. Later unfortunately i lost the admin password. Then i could not login to GUI. There is no option to reset admin password in GUI. There is no info provided about ascuser. I logged in to the mysql DB as root user. Passwords are hashed.
Here are few queries. Can anyone please suggest how to change/reset the password for admin user? I dont want to create any other users apart from the existing ones.
FYI:
Below are few outputs:
Mysql Query outputs
Users DB
I googled for password() in mysql to reset the admin password. But all in vain. Can any one Please provide some inputs ?
Unfortunately you cant crack the salted hashes .
But yes you can reset the user Password
check this thread How can I decrypt MySQL passwords
I want to restore an owncloud installation by restoring the database and all web files.My problem is, that I used the root user for the mysql database and owncloud created another user called oc-michael (my account name is michael). Now I need the password of this user to be able to create a user with this password.
Or how can I do this?
The password of the MySQL user oc-michael is written in your /config/config.php at the 'dbpassword' variable.
Hint: Please note that this looks like a hash but its just a very long plaintext password which was auto-generated.
Good Day
I am a front-end developer, and I know little from MySQL and databases.
I have a Wordpress MySQL database in CPanel. Now I forgot my password, and the password for my user as seen in phpmyadmin is hashed/encrypted.
How do I get the password?
NOTE: I do not have access to the Server since this is a website on a shared hosting account, so doing the following is not possible for me:
See this post on Stack
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
If your website is working you can probably find the mysql user/password
in the config.php file in your wordpress filesystem.
Otherwise:
Your best option is probably to add a user to the database and give it the needed privileges, to do that:
Click MySQL databases.
Create new user.
Assign new user to your database.
Edit config.php on your wordpress filesystem and change to the new username.
This is sub optimal, but will work.
There is a simple way for you to gain access to your WordPress user info if you don't know the password. I'm assuming you are talking about a WordPress user password retrieval. You need to have access and edit privileges to your database to do this.
-Open up phpMyAdmin or however you prefer to access database tables
-Select your database
-Open the table wp_users
-Under the column 'user_login' you will need to find which entry you want to access. Your username should be in one of the row entries.
-Once found, there will be a 'user_pass' column as well. Now some explaining needs to happen. You cannot retrieve your password without hacking/brute forcing that encryption. These are MD5 hash encrypted passwords. What we are going to do is just simply create a new password here. All you have to do is Google "MD5 Hash generator". I tested this on the first result I found and it worked.
-Once you find a website with a generator just simply type in your password and then retrieve the hash that's given to you. For example I typed in 'password' and I receive '5f4dcc3b5aa765d61d8327deb882cf99' Now we have a new encrypted password to set. If you are worried about sites saving your password entries or hashes just make up a password as a temporary fix. Then you can just login with that and change the password via the WordPress Dashboard later.
-Select the row that your username is in. Click Change/Edit then just copy and paste the entire MD5 Hash into the wp_pass column.(Overwrite the old password btw.) Save/Go/Execute to make sure the table was re-written. In this example I would be pasting '5f4dcc3b5aa765d61d8327deb882cf99' into the column without quotes of course.
-Please be sure to only change the 'wp_pass' entry and to make sure it's corresponding to the correct username.(On the same row)
-Now you should be able to login with your new password.('password')