Sheraz [EMAIL PROTECTED] wrote:
How can i achieve Security acpect in mysql?
How secure can we make transactions over internet for
3306 ?
Use SSL.
--
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.net
Thank you Victoria and Mikhail.
thanks a lot
Victoria Reznichenko [EMAIL PROTECTED] wrote:
Timotius Alfa wrote:
Hi All,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
I used Windows2000 for mysql server.
Privilege system of MySQL is described in the following
Hi,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
Generally you can find a lot of information about MySQL on
http://www.mysql.com/doc/en/
About your question you can read here:
http://www.mysql.com/doc/en/Privilege_system.html
Mikhail.
- Original Message -
From:
Timotius Alfa [EMAIL PROTECTED] wrote:
Hi All,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
I used Windows2000 for mysql server.
Privilege system of MySQL is described in the following section of the manual:
In your user table in the mysql database, remove all the lines that allow
logins from other hosts.
mysql use mysql
mysql delete from user where host localhost;
mysql flush privileges;
-ms
-Original Message-
From: Mel [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 05, 2003 9:38 AM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Thu, 19 Dec 2002, Michael Widenius wrote:
With 'DROP DATABASE database_name'.
Through the depricated client function 'mysql_drop_db()'.
The first case works correct but in the second case the grant check
is not done. I tracked this down
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 18 Dec 2002, Michael Bacarella wrote:
A good question posted to another list..
forwarded message follows
Several vulnerabilities have been found in the MySQL database system,
a light database package commonly used in Linux
It's bad for business : )
Maybe they're taking the MS route.
At 12:19 AM 12/18/2002 -0500, Michael Bacarella wrote:
A good question posted to another list..
forwarded message follows
Several vulnerabilities have been found in the MySQL database system, a
light database package
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and so on are very careful
with issues like this, all vulnerabilities/exploits are immediately
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 18 Dec 2002, Csongor Fagyal wrote:
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
thanks for your message.
On Wed, 18 Dec 2002, Gary Huntress wrote:
I'd like to add to the security flaw thread with my own experience. I
have been hosting MySQL databases for over 2 years and on a few
occasions have had user databases
To: [EMAIL PROTECTED]
Subject: Re: MySQL security flaws uncovered
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and so on are
very
(Germany)
Telefon: +49 30 7970948-0 Fax: +49 30 7970948-3
- Original Message -
From: Csongor Fagyal [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 18, 2002 11:33 AM
Subject: Re: MySQL security flaws uncovered
Michael She wrote:
It's bad for business : )
Maybe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Tue, 17 Dec 2002, Jannie Qu wrote:
I got the following information. Does any one of you know whether it
will impact my MySQL db server or not: Version 3.23.53 with InnoDB on
Mac OS Darwin Kernel Version 6.2. If it does, what's the
We use MySQL to store financial data and have never had a problem.
The things you mentioned (transactions/backup/power failure security) should
be used with ANY database that stores critical information that cannot be
lost. No database is completely bullet proof. Regular backups stored at an
On Tue, Jul 16, 2002 at 02:51:59PM +0200, Mathias Bertelsen wrote:
Hello
Do you think MySQL is secure enough to keep peoples bookkeeping in?
is it safe enough to use without risk of losing important data? Is
it necessary to do anything to make it secure? (eg. use of
Are MySQL really going to give you details of their past security
'issues'?
Think about it. Try going underground and looking on some exploit
sites.
DA
Hi,
I'm working on security breaches in MySQL. Can someone guide me in this.
To be precise can you tell me about some literature, some book
On Tue, 16 Apr 2002, David Ayliffe wrote:
Are MySQL really going to give you details of their past security
'issues'?
Think about it. Try going underground and looking on some exploit
sites.
DA
Hi,
I'm working on security breaches in MySQL. Can someone guide me in this.
To be
Dear - -:
I would revoke all permissions for dummy, then create new permissions for
users on a database-by-database basis. If you look at the syntax for GRANT
in the manual, you can stipulate which databases a user would have access
to.
A word of caution: don't use root. Create a user for
Hi!
On Oct 28, Kevin Maynard wrote:
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using this dB.
I have created the
Have you tried something like
SELECT User,Password from user where (User=$ID AND Password($PW)=password);
ie. equate the result of password(string) to the stored, encrypted,
password
Regards
Quentin
-Original Message-
From: Kevin Maynard [mailto:[EMAIL PROTECTED]]
Sent: Monday, 29
Hi!
On Oct 28, Kevin Maynard wrote:
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using this dB.
I have created the
-- Forwarded message --
Date: Thu, 26 Jul 2001 13:15:06 -0400 (EDT)
From: sachin shetty [EMAIL PROTECTED]
To: Christian Grimm [EMAIL PROTECTED]
Subject: Re: Mysql Security
Thanks Christian
But when a user connects to the server isnt it mandatory to specify the
password
The fact that he has logged on should not require him to specify
password again.
This fact means: when a user is logged in, he is allowed to use the
mysql-server:
use this one:( every logged -on -user on localhost has all rights to
every base and table without pw)
GRANT USAGE ON *.*
TO
I installed MySQL on Windows NT.
Currently, I login in using annoyomous user.
I can't seem to login in as root user.
The syntax is : mysql -u root -p xxx
It's seems funny as I can see the root password in the MySQL database -- user table.
Any help ?
Nyon
PROTECTED]
Subject: Re: MySQL Security
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
Its is easy to know user and password of MYSQL. How do you t
Make sure that the files are not world readable.
On Tue, 3 Apr 2001, Taing Nguon wrote:
Date: Tue, 3 Apr 2001 09:52:30 +0700
From: Taing Nguon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: MySQL Security
Dear sir or madam
MySQL user's account is not related to user's account on
I would think that if the user does not have grant options set on the
particular DB in the mysql.db table, then he would not be able to access
it
using DBI, even if he is a local user.
I have already tried to do it by myself. and I found that although any user
has no MYSQL user's account,
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
Its is easy to know user and password of MYSQL. How do you think about
this?Need More HELP
"Taing Nguon" [EMAIL PROTECTED] wrote:
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
No entirely true. The reason the files are set to
Taing Nguon wrote:
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
Its is easy to know user and password of MYSQL. How do you think about
Taing Nguon wrote:
Dear sir or madam
MySQL user's account is not related to user's account on Linux System, so they
can be different.
My problem is that I use perl DBI to interact MySQL server as belows:
--
use DBI;
$dbh =
Sergei Golubchik a crit :
Hi!
On Jan 12, Joo Gouveia wrote:
Hi,
I believe i've found a problem in MySql. Here are some test's i've made in
3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
debug it, just tested to see if crashes ).
Confirmed up to latest
Hi!
On Jan 15, Nicolas GREGOIRE wrote:
Sergei Golubchik a Ucrit :
Hi!
On Jan 12, JoUo Gouveia wrote:
Hi,
I believe i've found a problem in MySql. Here are some test's i've made in
3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
debug it, just
34 matches
Mail list logo
