JDBC MySQL again
Hi, I searched the archives for a solution to my problem, but couldn't find any. Like many, I keep getting the following error: SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) There's no stacktrace like some other people posted, I don't know why not. I think I got my sourcecode ok. I tried three different approaches: Class.forName(org.gjt.mm.mysql.Driver); Class.forName(org.gjt.mm.mysql.Driver).newInstance(); Thread.currentThread().getContextClassLoader().loadClass(org.gjt.mm.mys ql.Driver); I also got this other stuff in my error log when I start Tomcat, but I don't know if that's part of my problem or just the result of me ruining other files: Starting service Tomcat-Standalone Apache Tomcat/4.0.4 PARSE error at line 1 column 10 org.xml.sax.SAXParseException: Element type web-app must be declared. Server 1.6 is running Press [Ctrl]+[C] to abort Starting service Tomcat-Apache Apache Tomcat/4.0.4 SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) I got: Debian3.0/woody Tomcat4.0.4 j2sdk1.3 (BlackDown FCS) Mm.mysql-2.0.14 MySQL 3.23.49 JW Shapers p.s. I have the exact same servlet running fine on WindowsXP/Tomcat4.0.3/j2sdk14/mm.mysql-2.0.12/MySQL3.23.49. But I need Debian now. p.s.2 I have a deju-vu at this moment. Weird :) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JDBC MySQL again
Starting service Tomcat-Standalone Apache Tomcat/4.0.4 PARSE error at line 1 column 10 org.xml.sax.SAXParseException: Element type web-app must be declared. Howdy, I haven't seen your original message, which presumably has to do with the MySQL error. However, the above is enough to suggest something is seriously wrong with the configuration for your web application. That could definitely affect the allocation of database drivers and other things. Double-check your web.xml for correctness. Create a simple servlet or JSP page in your app that you can run, and verify that it runs OK. Don't do any DB activity in that page. Once you have that done, it will be a lot easier to trace what's wrong with the MySQL stuff. Yoav Shapira Millennium ChemInformatics -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JDBC MySQL again
Your class loader looks ok, but you can simplify it to: Class.forName(org.gjt.mm.mysql.Driver); But the way you're getting the connection is strange (to my eyes), here's an easier way (change the url for you instance): DriverManager.getConnectio( jdbc:msql://www.myserver.com:1114/contact_mgr, username, password ); --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Jan Willem Penterman [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 8:15 AM To: [EMAIL PROTECTED] Subject: JDBC MySQL again Hi, I searched the archives for a solution to my problem, but couldn't find any. Like many, I keep getting the following error: SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) There's no stacktrace like some other people posted, I don't know why not. I think I got my sourcecode ok. I tried three different approaches: Class.forName(org.gjt.mm.mysql.Driver); Class.forName(org.gjt.mm.mysql.Driver).newInstance(); Thread.currentThread().getContextClassLoader().loadClass(org.gjt.mm.mys ql.Driver); I also got this other stuff in my error log when I start Tomcat, but I don't know if that's part of my problem or just the result of me ruining other files: Starting service Tomcat-Standalone Apache Tomcat/4.0.4 PARSE error at line 1 column 10 org.xml.sax.SAXParseException: Element type web-app must be declared. Server 1.6 is running Press [Ctrl]+[C] to abort Starting service Tomcat-Apache Apache Tomcat/4.0.4 SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) I got: Debian3.0/woody Tomcat4.0.4 j2sdk1.3 (BlackDown FCS) Mm.mysql-2.0.14 MySQL 3.23.49 JW Shapers p.s. I have the exact same servlet running fine on WindowsXP/Tomcat4.0.3/j2sdk14/mm.mysql-2.0.12/MySQL3.23.49. But I need Debian now. p.s.2 I have a deju-vu at this moment. Weird :) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JDBC MySQL again
Hi, What happens when you use another version of mysql driver, I was having trouble with version 14. /colin - Original Message - From: Jan Willem Penterman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 12, 2002 5:14 PM Subject: JDBC MySQL again Hi, I searched the archives for a solution to my problem, but couldn't find any. Like many, I keep getting the following error: SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) There's no stacktrace like some other people posted, I don't know why not. I think I got my sourcecode ok. I tried three different approaches: Class.forName(org.gjt.mm.mysql.Driver); Class.forName(org.gjt.mm.mysql.Driver).newInstance(); Thread.currentThread().getContextClassLoader().loadClass(org.gjt.mm.mys ql.Driver); I also got this other stuff in my error log when I start Tomcat, but I don't know if that's part of my problem or just the result of me ruining other files: Starting service Tomcat-Standalone Apache Tomcat/4.0.4 PARSE error at line 1 column 10 org.xml.sax.SAXParseException: Element type web-app must be declared. Server 1.6 is running Press [Ctrl]+[C] to abort Starting service Tomcat-Apache Apache Tomcat/4.0.4 SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) I got: Debian3.0/woody Tomcat4.0.4 j2sdk1.3 (BlackDown FCS) Mm.mysql-2.0.14 MySQL 3.23.49 JW Shapers p.s. I have the exact same servlet running fine on WindowsXP/Tomcat4.0.3/j2sdk14/mm.mysql-2.0.12/MySQL3.23.49. But I need Debian now. p.s.2 I have a deju-vu at this moment. Weird :) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JDBC MySQL again
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 12, 2002 at 05:14:46PM +0200, Jan Willem Penterman wrote: SQLException: Cannot connect to MySQL server on localhost:3306. Is there a MySQL server running on the machine/port you are trying to connect to? (java.net.ConnectException) generally, if you see this problem, your driver is loaded correctly; however, it is unable to connect to your mysql server. i would test this by trying to telnet to port 3306 on localhost and see if you get a connection. if you don't, you need to make sure your mysql is allowing connections over tcp/ip which, if i'm not mistaken, debian has turned off by default. look in the /etc/my.cnf or maybe /etc/mysql/my.cnf or some such for a skip-networking flag and comment it out if necessary. restart mysql, try the telnet again. if it works, restart tomcat and see if your app works. another thing to check is if you have some sort of firewall software enabled that is blocking that particular port. hth, - -- Peter Abplanalp Email: [EMAIL PROTECTED] PGP: pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9V9W0ggA8sH0iRXQRAnQcAJ9dEA9G4+Fw3QT7j2IbNeV3h1eEDwCcDcvo q5X51xanggB0ECObZIx+n2Q= =e9ia -END PGP SIGNATURE- -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JDBC MySQL again
Also, if you are using ipchains or iptables as a firewall, you may need to open a conduit to allow access to port 3306. Even on localhost, ipchains will not allow access unless configured to do so. Larry [EMAIL PROTECTED] 08/12/02 09:35 AM generally, if you see this problem, your driver is loaded correctly; however, it is unable to connect to your mysql server. i would test this by trying to telnet to port 3306 on localhost and see if you get a connection. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JDBC MySQL again
generally, if you see this problem, your driver is loaded correctly; however, it is unable to connect to your mysql server. i would test this by trying to telnet to port 3306 on localhost and see if you get a connection. if you don't, you need to make sure your mysql is allowing connections over tcp/ip which, if i'm not mistaken, debian has turned off by default. look in the /etc/my.cnf or maybe /etc/mysql/my.cnf or some such for a skip-networking flag and comment it out if necessary. restart mysql, try the telnet again. if it works, restart tomcat and see if your app works. Very good! You're the 'winner' with the right answer! I was thinking my mysqld setup was ok, since it worked flawlessly with PHP. I guess PHP and MySQL have some sort of secret 'marriage', and don't connect over TCP/IP? [off-topic] Is that also the reason that php:mysql seems about twice as fast in executing queries in comparison to jdbc:mysql? I tested this on my Windows machine. [/off-topic] However, now I get the following exception: SQLException: Invalid authorization specification: Access denied for user: 'root@barrie' (Using password: YES) My guess is that I have to config mysqld in a way that it accepts this user (of which I'm pretty sure it has the correct login and password) from 'barrie' instead of 'localhost' (barrie and localhost essentially are the same Debian box). But that's not a question to ask to this list... Thanks Hoang! (and the rest of you who didn't give the right answer;). I tried your solutions, and at least I got rid of the parse error that also was in my catalina.out but that had a different cause). JW -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JDBC MySQL again
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 12, 2002 at 06:57:09PM +0200, Jan Willem Penterman wrote: generally, if you see this problem, your driver is loaded correctly; however, it is unable to connect to your mysql server. i would test this by trying to telnet to port 3306 on localhost and see if you get a connection. if you don't, you need to make sure your mysql is allowing connections over tcp/ip which, if i'm not mistaken, debian has turned off by default. look in the /etc/my.cnf or maybe /etc/mysql/my.cnf or some such for a skip-networking flag and comment it out if necessary. restart mysql, try the telnet again. if it works, restart tomcat and see if your app works. Very good! You're the 'winner' with the right answer! I was thinking my yay! do i get a medal or something? ;-) mysqld setup was ok, since it worked flawlessly with PHP. I guess PHP and MySQL have some sort of secret 'marriage', and don't connect over TCP/IP? probably. [off-topic] Is that also the reason that php:mysql seems about twice as fast in executing queries in comparison to jdbc:mysql? I tested this on my Windows machine. [/off-topic] yes. domain sockets leave out the whole tcp/ip stack and are much faster. However, now I get the following exception: SQLException: Invalid authorization specification: Access denied for user: 'root@barrie' (Using password: YES) My guess is that I have to config mysqld in a way that it accepts this user (of which I'm pretty sure it has the correct login and password) from 'barrie' instead of 'localhost' (barrie and localhost essentially are the same Debian box). But that's not a question to ask to this list... since we're here... yes, the problem is that when you connect using the mysql tool on the command line, the client thinks it is localhost; however, java passes the host name over the connection and thus you must allow the root user to connect to mysql from that host even thought they are esentially the same. as root: use mysql; grant all privileges on db.object(s) to root@barrie identified by 'some_password' [with grant option]; flush privileges; minor nit - i wouldn't use the root user for these connections. if the password is somehow compromised, your *entire* server is compromised. if, however, you set up different users for each database only that particular database will be compromised. - -- Peter Abplanalp Email: [EMAIL PROTECTED] PGP: pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9V+r/ggA8sH0iRXQRAiEYAJ0fDrn34VaWmFMGXIFqMjzRQH5I6wCguCkx ldddPETeicqjMdQfm5ZgChc= =0/8l -END PGP SIGNATURE- -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JDBC MySQL again
yay! do i get a medal or something? ;-) Yes you get a medal. Only thing is that it is so incredibly heavy that I can't send it by mail. You have to come pick it up at our office in Amsterdam :P O and I gave my thanks to Hoang, but I was mistaken. Thanks Peter! [off-topic] Is that also the reason that php:mysql seems about twice as fast in executing queries in comparison to jdbc:mysql? I tested this on my Windows machine. [/off-topic] yes. domain sockets leave out the whole tcp/ip stack and are much faster. Why on earth they invented JDBC for then? I am really dissappointed by the lack of performance compared to PHP. The processing of query results in Java is even worse (about 10 times slower). use mysql; grant all privileges on db.object(s) to root@barrie identified by 'some_password' [with grant option]; flush privileges; You get TWO medals now. minor nit - i wouldn't use the root user for these connections. if the password is somehow compromised, your *entire* server is compromised. if, however, you set up different users for each database only that particular database will be compromised. True. But at this stage it's not that important :) JW -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JDBC MySQL again
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 12, 2002 at 07:45:03PM +0200, Jan Willem Penterman wrote: Yes you get a medal. Only thing is that it is so incredibly heavy that I can't send it by mail. You have to come pick it up at our office in Amsterdam :P next time i'm in europe, i'll stop by and pick them up. Why on earth they invented JDBC for then? I am really dissappointed by the lack of performance compared to PHP. The processing of query results in Java is even worse (about 10 times slower). well, how do propose to get results if your database server isn't on the same box as your webserver? ;-) - -- Peter Abplanalp Email: [EMAIL PROTECTED] PGP: pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9V/aXggA8sH0iRXQRAjPcAJ4yXUPW6542kd1jylikkRj4ohfEKQCgoS+/ Jk5bE6T/ZRLYOLeymzqTOD8= =DTUQ -END PGP SIGNATURE- -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
mySQL again
Hi! My connectionURL in server.xml now looks like this: "jdbc:mysql://localhost/auth?user=rootpassword=somepassword" and tomcat doesn't start up (although there is no error msg or anything) and when i execute tomcat stop i get the following exception: org.xml.sax.SAXParseException: Next character must be ";" terminating reference to entity "password" and a stack trace follows... why is that? vVolf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
re: mySQL again
Hi! My connectionURL in server.xml now looks like this: "jdbc:mysql://localhost/auth?user=rootpassword=somepassword" and tomcat doesn't start up (although there is no error msg or anything) and when i execute tomcat stop i get the following exception: org.xml.sax.SAXParseException: Next character must be ";" terminating reference to entity "password" and a stack trace follows... why is that? I guess you should escape the "" character in your connectionURL by replacing it with "amp;", as the XML parser will parse entities like "lt;" or "quote;" or things like that... Try jdbc:mysql://localhost/auth?user=rootamp;password=somepassword instead, that should work... np: Flanger - Nightbeat 1 (Midnight Sound) - Sent through MailGateway - http://www.ssw.uni-linz.ac.at:2000/ Send or read your emails anywhere. - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: mySQL again
Hi, You might want to try something like the following. It works for me. RequestInterceptor className="org.apache.tomcat.request.JDBCRealm" debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/somedb" userTable="user_tbl" userNameCol="user_id" userCredCol="psswd" userRoleTable="user_role_tbl" roleNameCol="user_role" connectionName="someuser" connectionPassword="somepassword" / Andrew On Thu, 01 Mar 2001, you wrote: Hi! My connectionURL in server.xml now looks like this: "jdbc:mysql://localhost/auth?user=rootpassword=somepassword" and tomcat doesn't start up (although there is no error msg or anything) and when i execute tomcat stop i get the following exception: org.xml.sax.SAXParseException: Next character must be ";" terminating reference to entity "password" and a stack trace follows... why is that? vVolf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Protecting mysql access (was: re: mySQL again)
Slightly off topic, but important! Having seen way too much in terms of hacking and system compromises, might I suggest you create another, and far less privileged user than root, for accessing mysql. Unless you've gone into the grant tables and creatd a different mysql superuser and reduced root's priv, then the root login to mysql is like root on unix, superuser, God, etc. If multiple users have shell access to the tomcat host system, and those same users are not authorized as mysql root, than I know of no way to keep unauthorized eyes from looking at the server.xml file other than by making it sysroot protected. But to do that, you need to run tomcat under root. If anyone has a good mechanism for securing the server's and/or servlet's credential for db access, I'd certainly love to hear it. That issue has been my one and only thorn in the side since I began switching for perl/cgi (where the solution to that issue is a no-brainer) to using tomcat. -- Rob --On Thursday, March 01, 2001 10:19:13 AM +0100 [EMAIL PROTECTED] wrote: Hi! My connectionURL in server.xml now looks like this: "jdbc:mysql://localhost/auth?user=rootpassword=somepassword" and tomcat doesn't start up (although there is no error msg or anything) and when i execute tomcat stop i get the following exception: org.xml.sax.SAXParseException: Next character must be ";" terminating reference to entity "password" and a stack trace follows... why is that? I guess you should escape the "" character in your connectionURL by replacing it with "amp;", as the XML parser will parse entities like "lt;" or "quote;" or things like that... Try jdbc:mysql://localhost/auth?user=rootamp;password=somepassword instead, that should work... np: Flanger - Nightbeat 1 (Midnight Sound) - Sent through MailGateway - http://www.ssw.uni-linz.ac.at:2000/ Send or read your emails anywhere. - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner McMinnville, Oregon [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Protecting mysql access (was: re: mySQL again)
On our server, we basically grant NO remote access privileges to ANY users, including root. This means that any access to the database has to be done from the localhost. So instead of doing the two normal grants you might do, like this: GRANT SELECT,INSERT,UPDATE ON *.* TO soandso@localhost IDENTIFIED BY 'password'; GRANT SELECT,INSERT,UPDATE ON *.* TO soandso@"%" IDENTIFIED BY 'password'; The first allows access from the localhost. The second allows remote access. Just don't do the second. Then someone has to hack in and get local access to the database somehow and if they can do that, then you've got other security problems besides MySql! At 08:01 AM 3/1/2001 -0800, you wrote: Slightly off topic, but important! Having seen way too much in terms of hacking and system compromises, might I suggest you create another, and far less privileged user than root, for accessing mysql. Unless you've gone into the grant tables and creatd a different mysql superuser and reduced root's priv, then the root login to mysql is like root on unix, superuser, God, etc. If multiple users have shell access to the tomcat host system, and those same users are not authorized as mysql root, than I know of no way to keep unauthorized eyes from looking at the server.xml file other than by making it sysroot protected. But to do that, you need to run tomcat under root. If anyone has a good mechanism for securing the server's and/or servlet's credential for db access, I'd certainly love to hear it. That issue has been my one and only thorn in the side since I began switching for perl/cgi (where the solution to that issue is a no-brainer) to using tomcat. -- Rob --On Thursday, March 01, 2001 10:19:13 AM +0100 [EMAIL PROTECTED] wrote: Hi! My connectionURL in server.xml now looks like this: "jdbc:mysql://localhost/auth?user=rootpassword=somepassword" and tomcat doesn't start up (although there is no error msg or anything) and when i execute tomcat stop i get the following exception: org.xml.sax.SAXParseException: Next character must be ";" terminating reference to entity "password" and a stack trace follows... why is that? I guess you should escape the "" character in your connectionURL by replacing it with "amp;", as the XML parser will parse entities like "lt;" or "quote;" or things like that... Try jdbc:mysql://localhost/auth?user=rootamp;password=somepassword instead, that should work... np: Flanger - Nightbeat 1 (Midnight Sound) - Sent through MailGateway - http://www.ssw.uni-linz.ac.at:2000/ Send or read your emails anywhere. - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner McMinnville, Oregon [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] -- Rick Herrick [EMAIL PROTECTED] Nothing is amusing in zero gravity... PGP: http://www.rickherrick.com/pgpkey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Protecting mysql access (was: re: mySQL again)
But that doesn't address the basic issue. If you have login privs on the machine and a shell account, or you've managed to sniff a password of someone who does, etc, than you have a potential security hole. Remember also, that more damage in terms of dallar value comes from inside, from those very folks you trust. The whole point of my post was that without locking down server.xml as root readable only, there's a good chance a user with ordinary privs might successfully read it -- this is a localhost, not a network issue. And other than running tomcat under root, I don't know of any sure file way to secure the db credentials tomcat and/or various servlets require to access the database (and, of course, the same is true whether it's mysql, oracle, sybase, postgres, etc, etc, etc). As far as you comment that in that case one has "other security problems besides MySQL!", I can't agree more. But at the same time, should you make matters worse by making the db root password readily available to snooping eyes? -- Rob --On Thursday, March 01, 2001 08:51:09 AM -0800 Rick Herrick [EMAIL PROTECTED] wrote: On our server, we basically grant NO remote access privileges to ANY users, including root. This means that any access to the database has to be done from the localhost. So instead of doing the two normal grants you might do, like this: GRANT SELECT,INSERT,UPDATE ON *.* TO soandso@localhost IDENTIFIED BY 'password'; GRANT SELECT,INSERT,UPDATE ON *.* TO soandso@"%" IDENTIFIED BY 'password'; The first allows access from the localhost. The second allows remote access. Just don't do the second. Then someone has to hack in and get local access to the database somehow and if they can do that, then you've got other security problems besides MySql! At 08:01 AM 3/1/2001 -0800, you wrote: Slightly off topic, but important! Having seen way too much in terms of hacking and system compromises, might I suggest you create another, and far less privileged user than root, for accessing mysql. Unless you've gone into the grant tables and creatd a different mysql superuser and reduced root's priv, then the root login to mysql is like root on unix, superuser, God, etc. If multiple users have shell access to the tomcat host system, and those same users are not authorized as mysql root, than I know of no way to keep unauthorized eyes from looking at the server.xml file other than by making it sysroot protected. But to do that, you need to run tomcat under root. If anyone has a good mechanism for securing the server's and/or servlet's credential for db access, I'd certainly love to hear it. That issue has been my one and only thorn in the side since I began switching for perl/cgi (where the solution to that issue is a no-brainer) to using tomcat. -- Rob --On Thursday, March 01, 2001 10:19:13 AM +0100 [EMAIL PROTECTED] wrote: Hi! My connectionURL in server.xml now looks like this: "jdbc:mysql://localhost/auth?user=rootpassword=somepassword" and tomcat doesn't start up (although there is no error msg or anything) and when i execute tomcat stop i get the following exception: org.xml.sax.SAXParseException: Next character must be ";" terminating reference to entity "password" and a stack trace follows... why is that? I guess you should escape the "" character in your connectionURL by replacing it with "amp;", as the XML parser will parse entities like "lt;" or "quote;" or things like that... Try jdbc:mysql://localhost/auth?user=rootamp;password=somepassword instead, that should work... np: Flanger - Nightbeat 1 (Midnight Sound) --- -- Sent through MailGateway - http://www.ssw.uni-linz.ac.at:2000/ Send or read your emails anywhere. --- -- --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner McMinnville, Oregon [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] -- Rick Herrick [EMAIL PROTECTED] Nothing is amusing in zero gravity... PGP: http://www.rickherrick.com/pgpkey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _