Re: Security issues

In infinite wisdom "Jerry Schwartz" wrote: > Back when this was a day-to-day concern of mine, I used to check CERT's > website (the section now known as their "Vulnerability Notes Database", > http://www.kb.cert.org/vuls). If securing the database is your job, then you really need to drink fr

RE: Security issues

Back when this was a day-to-day concern of mine, I used to check CERT's website (the section now known as their "Vulnerability Notes Database", http://www.kb.cert.org/vuls). Unfortunately, I see that the last entry for MySQL is from years ago. Regards, Jerry Schwartz Global Information Incorpo

RE: Security issues

ement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: wult...@gmail.com > Date: Mon, 24 May 2010 13:45:35 -0700 > Subject: Re: Security issues > To: mgai..

Re: Security issues

On Mon, May 24, 2010 at 1:42 PM, Martin Gainty wrote: > Good Afternoon Rob- > > if you're implementing either glassfish or weblogic webserver > your "best fit solution" would be Oracle Identity Manager > > there are 'other' identity solutions such as RSA which are > 1)far more complex .. > 2)virtu

RE: Security issues

email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: wult...@gmail.com > Date: Mon, 24 May 2010 13:27:52 -0700 > Subject: Re: Security issues > To: je...@gii.co.jp > CC: mgai...@hotmail.com; mysql

Re: Security issues

On Mon, May 24, 2010 at 12:07 PM, Jerry Schwartz wrote: >>-Original Message- >>From: Rob Wultsch [mailto:wult...@gmail.com] >>Sent: Saturday, May 22, 2010 11:52 AM >>To: Martin Gainty >>Cc: mysql@lists.mysql.com >>Subject: Re: Security issues >>

RE: Security issues

>-Original Message- >From: Rob Wultsch [mailto:wult...@gmail.com] >Sent: Saturday, May 22, 2010 11:52 AM >To: Martin Gainty >Cc: mysql@lists.mysql.com >Subject: Re: Security issues > >On Sat, May 22, 2010 at 5:44 AM, Martin Gainty wrote: >> Good Morning Rob-

Re: Security issues

You could use CVE, Postgre's security page doesn't seem to sync with their CVE entries, even though they reference CVE entries on their comprehensive security page. http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=postgresql http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mysql JW On Sat, May 22

Re: Security issues

On Sat, May 22, 2010 at 5:44 AM, Martin Gainty wrote: > Good Morning Rob- > > one vulnerability (with UDFs) > http://dev.mysql.com/tech-resources/articles/security_alert.html > > a manager considering a enterprise-wide security solution may want > to consider Oracle Identity Manager (with Glassfis

RE: Security issues

Good Morning Rob- one vulnerability (with UDFs) http://dev.mysql.com/tech-resources/articles/security_alert.html a manager considering a enterprise-wide security solution may want to consider Oracle Identity Manager (with Glassfish 3.2) http://under-linux.org/en/content/oracle-introduces-

Re: Security overrides in mysql.cnf

At 2:51 PM -0500 3/19/08, Brown, Charles wrote: I inherited a mysql server database. Stuff are not documented. My question is: Are there any security work-arounds in mysql. I have access to the cnf file. I need to get in and dump the database. I was told that the cnf file allows security over ri

Re: Security overrides in mysql.cnf

On Wed, Mar 19, 2008 at 3:51 PM, Brown, Charles <[EMAIL PROTECTED]> wrote: > I inherited a mysql server database. Stuff are not documented. My > question is: Are there any security work-arounds in mysql. I have access > to the cnf file. I need to get in and dump the database. I was told that >

Re: Security overrides in mysql.cnf

Hi, On 3/19/08 3:51 PM, "Brown, Charles" <[EMAIL PROTECTED]> wrote: > I inherited a mysql server database. Stuff are not documented. My > question is: Are there any security work-arounds in mysql. I have access > to the cnf file. I need to get in and dump the database. I was told that > the cnf

Re: Security settings won't take during installation

Hi Adrian, On 8/25/06, Adrian Greeman <[EMAIL PROTECTED]> wrote: "The security settings could not be applied to the database because the .. I am pasting here the text of one of my earlier posts to this list: I got MySQL 5.0.22 running successful

Re: Security fix for 4.0.27?

On Mon, Jun 05, 2006 at 10:16:05PM -0700, Ken Williams wrote: > Anyone know if 4.0.27 will be fixed for the mysql_real_escape issue? > (http://lists.mysql.com/announce/364) > > 4.1 and 5 have been already, kinda wondering why 4.0 hasn't. It will not, because 4.0 does not have this bug. Jim Winst

Re: Security Question

If it's a DoS attack then perhaps you should be speaking to your ISP and getting that resolved rather than trying to work around the problem on your side of things! Having said that, you could possibly impose host level restrictions in MySQL, but that could be a lot of work to modify your exis

Re: security question CAN-2005-0709 CAN-2005-0710 CAN-2005-0711

[EMAIL PROTECTED] wrote: MySQL has moved WELL past the 3.23.x lineage and is getting close to retiring the 4.0.x lineage (it's only a rumor). So I suggest you update Not completely a rumor; on August 2, Heikki wrote: "As far as I know, one release of 4.0 will still be built." Considering th

Re: security question CAN-2005-0709 CAN-2005-0710 CAN-2005-0711

I agree with you, I will upgrade . Thanks for the advice. On 8/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > Alejandro <[EMAIL PROTECTED]> wrote on 08/16/2005 03:01:59 PM: > > > > Hi, > > > > I have installed binary mysql version 3.23.58 downloaded from > www.mysql.org. >

Re: security question CAN-2005-0709 CAN-2005-0710 CAN-2005-0711

Alejandro <[EMAIL PROTECTED]> wrote on 08/16/2005 03:01:59 PM: > Hi, > > I have installed binary mysql version 3.23.58 downloaded from www.mysql.org. > In changelog from the documentation say that the release is from > september 2003 and the security bug is in March 2005. > What can I do ? How

Re: security and extended ascii characters

Chris W wrote: In an effort to make sure no binary data is maliciously submitted via a form I have code the makes sure all characters in any input field are with in the range of a space to a "~". However now that I am getting some users of my site from Europe, that are having problems submittin

RE: security reason for not using load data infile local?

It depends on the variable. Can you give an example of the variable you are trying to set? As far as the load data infile, I believe it depends on how your database will be accessed. If you have a need for remote administration or are working with geographically separated databases then the ability

Re: security reason for not using load data infile local?

Ginger, can't speak to the log file issue but check out this link for the dynamic server variables: http://dev.mysql.com/doc/mysql/en/Dynamic_System_Variables.html Best O'luck, Tripp --- Ginger Cheng <[EMAIL PROTECTED]> wrote: > Hello, MySQL gurus, > Sometimes the 'local' option of 'load

Re: Security

Thank you very much. Makes sense. - Original Message - From: "Curtis Maurand" <[EMAIL PROTECTED]> To: "Mulugeta Maru" <[EMAIL PROTECTED]> Cc: "Mike Johnson" <[EMAIL PROTECTED]>; "MySQL" <[EMAIL PROTECTED]> Sent: Frid

Re: Security

7;s record. > In short how would you restrict customer a to see transactions that pertain > to him/her. > > Many thanks. > - Original Message - > From: "Mike Johnson" <[EMAIL PROTECTED]> > To: "MySQL" <[EMAIL PROTECTED]> >

RE: Security

From: Mulugeta Maru [mailto:[EMAIL PROTECTED] > Hi Mike, > > I am sorry for the confusion I might have caused. May be it > would help to give a clear example. > > Table - Customers (CustomerID, CustomerName, Address, etc) > > Table - Transaction(TransactionID,CustomerID,Date,Amount) > > Note:

Re: Security

You've been perfectly clear. The MySQL permission system will not define this level of security. You must design you application so that it will only give access to the rows that pertain to the customer that is logged in. Create a MySQL user which can read and write to your database. Then cr

Re: Security

At 20:39 -0600 3/10/04, Mulugeta Maru wrote: Hi Mike, I am sorry for the confusion I might have caused. May be it would help to give a clear example. Table - Customers (CustomerID, CustomerName, Address, etc) Table - Transaction(TransactionID,CustomerID,Date,Amount) Note: CustomerID in Customer

Re: Security

esday, March 10, 2004 4:55 PM Subject: RE: Security > From: Maru, Mulugeta [mailto:[EMAIL PROTECTED] > > > When I go online to access my bank account I only see > > transactions pertain to my account only. I think when ever I > > make a transaction the database records

Re: Security

> -Original Message- > From: Joshua J. Kugler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 10, 2004 5:34 PM > To: Mulugeta Maru; MySQL > Subject: Re: Security > > > Only being able to see certain rows is not a function of MySQL, it is a > function of the applic

RE: Security

From: Maru, Mulugeta [mailto:[EMAIL PROTECTED] > When I go online to access my bank account I only see > transactions pertain to my account only. I think when ever I > make a transaction the database records my account number in > the transaction table. When I log-in using my account number >

RE: Security

not and run another query to get all transaction that match my account number. Do I make sense? -Original Message- From: Joshua J. Kugler [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 5:34 PM To: Mulugeta Maru; MySQL Subject: Re: Security Only being able to see certain rows

Re: Security

Only being able to see certain rows is not a function of MySQL, it is a function of the application you write for the user to access the database. If a user has permission to read a table, they can read all rows. It is up to your application to make sure they are only seeing rows that apply to

Re: Security

ope my question is clear. > > Maru > - Original Message - > From: "Paul Rigor" <[EMAIL PROTECTED]> > To: "Mulugeta Maru" <[EMAIL PROTECTED]>; "MySQL" <[EMAIL PROTECTED]> > Sent: Tuesday, March 09, 2004 7:46 PM > Subject: Re: S

Re: Security

PROTECTED]>; "MySQL" <[EMAIL PROTECTED]> Sent: Tuesday, March 09, 2004 7:46 PM Subject: Re: Security > Heya, > > Those are the default databases that comes with the setup. the "mysql" > database holds info on mysql accounts. the "test" is an empty >

Re: Security

Heya, Those are the default databases that comes with the setup. the "mysql" database holds info on mysql accounts. the "test" is an empty database. You should create a new database "CREATE DATABASE customers" then "use customers"... after that... you can setup the tables you mentioned. Goo

Re: Security issues

On Wed, 2004-01-14 at 13:32, Chris W wrote: > Are there many php or mysql configuration considerations for making the > site secure? I have already done the obvious with my sql and set up the > grant tables with passwords for all users and removed the [EMAIL PROTECTED] user. Give the MySQL user

Re: Security Question

Hi! On Nov 27, DeBug wrote: > >>>- Someone copies the DB files to another box, starts a mysql > >>>instance, loads the DB and presto - views the 'private' data !!! > >>> > > PD> Sure. That's why you establish filesystem level access privileges so that > PD> only the mysql user can copy them in t

RE: Security Question

erver would not be too significant? Best regards, Andy > -Original Message- > From: Curley, Thomas [mailto:[EMAIL PROTECTED] > Sent: 26 November 2003 13:22 > To: [EMAIL PROTECTED] > Subject: RE: Security Question > Importance: High > > > thanks for reply - the r

Re: Security Question

At 03:21 PM 11/26/2003, you wrote: If someone can copy your database files, you're hosed. All the attacker need do is start the server with --skip-grant-tables, and he can can connect to it with no password, and has complete access to any files managed by the server. Paul & Curley,

Re: Security Question

At 16:13 -0500 11/26/03, Kevin Carlson wrote: Curley, Thomas wrote: I am trying to find a solution to the following security issue with MySql DB on linux - Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!! As all the ot

Re: Security Question

Curley, Thomas wrote: I am trying to find a solution to the following security issue with MySql DB on linux - Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!! As all the other posters have mentioned, you should have ti

RE: Security Question

At 07:22 AM 11/26/2003, you wrote: Another Assumption -- Encrypting / decrypting all data on the fly would be too expensive and grind the app to a halt Not true. There are some databases that can encrypt records on the fly without any speed degradation (< 1%) using either Blowfis

Re: Security Question

Stefan Kuhn wrote: To the chap who siad its not a DB issue - I will check with Oracle but I'm sure that dropping in a directory in oracle will not give you full access to a database (a clear one that is) The chap was me :-) I'm sure it does on oracle. Once you have an Oracle installation and

Re: Security Question

Hi! On Nov 26, Curley, Thomas wrote: > thanks for reply - the requirement comes from a security audit - so > try to think in terms of a hacker > > Obviously and (I had assumed) > 1.- the files would have tight unix security file permissions > applied > 2.- indeed the key would be stored o

Re: Security Question

Hacker gets in this way: ->[Webserver][rooted]->[DBServer][rooted]->File_Access(/var/lib/mysql/database) I'd say the "major security breach" is already when the Webserver is rooted.^ If he gets to your webserver he could still read WHATEVER DATA he wants from your database with the information he

Re: Security Question

> To the chap who siad its not a DB issue - I will check with Oracle but I'm > sure that dropping in a directory in oracle will not give you full access > to a database (a clear one that is) The chap was me :-) I'm sure it does on oracle. Once you have an Oracle installation and got hold of all da

Re: Security Question

On Wednesday 26 November 2003 13:43, Curley, Thomas wrote: > Mike > > Correct and this is the architecture. The internet facing box has a > routable IP, the DB box is separate and is not ext routable. > > The issue the security review highlighted strongly was the fact that if a > hacker got access

RE: Security Question

EMAIL PROTECTED] Sent: 26 November 2003 13:36 To: Curley, Thomas; [EMAIL PROTECTED] Subject: RE: Security Question One of the first things that I did at my former job was to turn off all external-facing network adapters to our DB machines. If you're fortunate enough that your DB resides on it

RE: Security Question

g location, the more roadblocks you put between a potential hacker and your sensitive data, the better. -M -Original Message- From: Curley, Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 8:22 AM To: [EMAIL PROTECTED] Subject: RE: Security Question Importance: High t

Re: Security Question

Thomas > > > > > > > -Original Message- > From: Fagyal, Csongor [mailto:[EMAIL PROTECTED] > Sent: 26 November 2003 12:51 > To: Curley, Thomas > Cc: [EMAIL PROTECTED] > Subject: Re: Security Question > > > Thomas, > > >I am trying to find a sol

Re: Security Question

On Wednesday 26 November 2003 13:22, Curley, Thomas wrote: > Another Assumption > -- > Encrypting / decrypting all data on the fly would be too expensive and > grind the app to a halt > > So the question again :- > > Any ideas on how to avoid having data files stored with abso

RE: Security Question

solution to this then MySql should not be used on internet accessible boxes for dynamic web sites Thomas -Original Message- From: Fagyal, Csongor [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 12:51 To: Curley, Thomas Cc: [EMAIL PROTECTED] Subject: Re: Security Question Thomas

Re: Security Question

Thomas, I am trying to find a solution to the following security issue with MySql DB on linux - Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!! Well, "someone" should not have access rights to the DB files on the firs

Re: Security related! Not possible to hide table structure. I couldn't find..... ?

CTED]> An: <[EMAIL PROTECTED]> Gesendet: Montag, 4. August 2003 14:50 Betreff: RE: Security related! Not possible to hide table structure. I couldn't find. ? If you give access rights to a user on a DB, he will always be able to see the table structure. This is how it is implement

RE: Security related! Not possible to hide table structure. I couldn't find..... ?

If you give access rights to a user on a DB, he will always be able to see the table structure. This is how it is implemented in MySQL (which does not mean that I like this). Cheers /rudy -Original Message- From: QWERTY [mailto:[EMAIL PROTECTED] Sent: maandag 4 augustus 2003 14:47

Re: Security

Read the section of the manual on table types. Different table drivers offer differnt types of locking. ISAM and MYISAM don't, but BDB and INNODB types offer different types of row and or page locking. [EMAIL PROTECTED] wrote: Hello, I would like to know if MySQL allows for record locking. Also

Re: Security

>From the fine manual: "4.2 General Security Issues and the MySQL Access Privilege System MySQL has an advanced but non-standard security/privilege system. This section describes how it works." http://www.mysql.com/doc/en/Privilege_system.html Brian McCain - Original Message - From: <[E

re: Re: Security issues with LOAD DATA

This also does not enable me to upload a data file. My resulting SQL cardrdc> statement reads: cardrdc> LOAD DATA LOCAL '/tmp/phpgPhl51' INTO TABLE test FIELDS TERMINATED BY ',' cardrdc> ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\r\n' cardrdc> I have also tried: cardrdc> LOAD DATA LOC

Re: Security issues with LOAD DATA

Original Message - From: "Egor Egorov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 03, 2002 5:50 AM Subject: re: Security issues with LOAD DATA > Chris, > Tuesday, December 03, 2002, 6:58:39 AM, you wrote: > > CW> I developed a

re: Security issues with LOAD DATA

Chris, Tuesday, December 03, 2002, 6:58:39 AM, you wrote: CW> I developed a PHP application where users can update a mySQL table using CW> LOAD DATA. Recently I installed this application on another web server where CW> the File Permissions have been set such that this method of uploading data CW>

re: Security question

Daniel, Monday, October 28, 2002, 1:06:10 AM, you wrote: DLS> In my mysql.db file, I have some lines like: DLS> %.private | somedb | someuser | Y | Y | Y | Y | Y | Y | N | Y | Y | Y DLS> So, I have an internal domain called private, those hosts are in an DLS> internal DNS, and can be reverse

Re: Security

At 5:54 -0500 10/17/02, Terry & Cheryl Haimann wrote: I was reading a book at B&N yesterday which left me with the impression that in MySQL you can do the following: What book was this? Define a group with specific security access. Then define a list of users that inherit this groups securit

Re: Security

I belive it will work in Windows Insane - Original Message - From: "Terry & Cheryl Haimann" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 17, 2002 4:24 PM Subject: Security > I was reading a book at B&N yesterday which left me with the impression that in MySQL you c

Re: security problem

Hello. On Wed 2002-10-02 at 09:49:30 -0400, [EMAIL PROTECTED] wrote: > Hi! I found a security bug on mysqlgui-win32-static-1.7.5-2. When I > install it on my desktop (win2k), I setup a password for the > database. What does "setup a password for the database" mean? Passwords are not per-database

Re: Security vulnerability

Hi! On Oct 01, Plesk Support wrote: > Any user in mysql can create as many databases as he wants. > Create a user with 1 database, and let him create database with name > "my_data_base". Log into mysql console as user and run command: > > CREATE DATABASE "my?data?base"; > > New databas

Re: Security: is 'root' truly neccessary?

At 16:53 -0700 9/24/02, Tom Emerson wrote: >Being new to MySQL, it took a while to grok how "security" works. Now that >I have a bit of a better understanding, a mental "revalation" is coming to >the surface of my mind: since "mysql" users are NOT unix/windows-domain >"users", is the "root" user

Re: Security problem

Daniel's, Friday, August 30, 2002, 3:11:17 AM, you wrote: DsL> *This message was transferred with a trial version of CommuniGate(tm) Pro* DsL> I installed Mac OS X 10.2 this last weekend and since then I've been DsL> having some problems with the security on the MySQL files. I thought DsL> tha

Re: Security question

Mike, Thursday, August 15, 2002, 12:45:06 AM, you wrote: MH> Hi there, MH> I posted this a few days ago and recieved no responses, so I thought I would MH> post it again: Mike, I answered you yesterday. MH> Hi All; MH> I am working on a front end to my database, but I am running into a bit of

Re: security

Hi. On Fri 2002-07-26 at 15:24:58 -0300, [EMAIL PROTECTED] wrote: > > Why should I close port 3306 used by mysql? What would happen if a > hacker use this port? You should close it (as far as reasonable only, of course), simply, because you lose nothing, but gain an additional layer a malicious

Re: security

Pada Fri, 26 Jul 2002 15:24:58 -0300 Anderson Pereira Ataides <[EMAIL PROTECTED]> menulis : > Why should I close port 3306 used by mysql? What would happen if a hacker use > this port? Hemmm ... if you close the port 3306, so where do you put the mysqld to LISTEN on ? Well, if you considering

Re: security

At 15:24 -0300 7/26/02, Anderson Pereira Ataides wrote: >Why should I close port 3306 used by mysql? What would happen if a hacker use >this port? You may want to close it at your firewall, if you want to allow the server to be used only by machines on the local side of the firewall. That will p

Re: security paranoia

On Tue, 11 Jun 2002, MikeParton wrote: > Where in the MySQL docs does it discuss DES_ENCRYPT/DES_DECRYPT support? > > Alternatively (and I am posting this to the php lists), anyone know where, > or if, I can get pre-compiled libmcrypt library for php 4.2.1? http://www.mysql.com/doc/M/i/Misce

Re: security paranoia

ROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 11, 2002 4:16 PM Subject: Re: security paranoia > > > On Tue, 11 Jun 2002, Ray wrote: > > > looking for something like > > encrypt(str, protected_str) > > and > > decrypt (crypt_str, private_str) > >

Re: security paranoia

On Tue, 11 Jun 2002, Ray wrote: > looking for something like > encrypt(str, protected_str) > and > decrypt (crypt_str, private_str) > and probably a make_key_pair() > > its not a vital part of my current project, but i'm sure someone will get > cracked into (again) and then there will be anothe

Re: Security

Since you are using a hosted database you probably can't change any of the security. What I would do is create a table of usernames and passwords (and any other releveant user data). When your users login, check their password and proceed accordingly. Craig At 02:44 AM 4/8/2002, you wrote:

Re: Security

John: Since you host your application(s) with your ISP, don't worry about it. It's a useful and valid question, but you're not in a position to address it completely while security is in control of someone beside yourself. Look here to make yourself better educated about MySQL security: http://

Re: [SECURITY] How do these blank passwords get into mysql.user?

»Philip Mak« sagte am 2002-02-19 um 10:25:38 -0500 : > One thing's been bothering me for a while: When I create a user and > database in MySQL, the user always ends up with an extra entry with > host='%' and password=''. How is this happening? This is how I create > a new database and user: > > m

Re: [SECURITY] How do these blank passwords get into mysql.user?

On Tue, Feb 19, 2002 at 04:39:10PM +0100, Peter Banik wrote: > you should explicitly specify host/password in the GRANT statement, like > this: > > GRANT ALL ON xxx.* TO user@'localhost' IDENTIFIED BY 'password'; > FLUSH PRIVILEGES; > > This way the user will only granted access from the specifi

Re: [SECURITY] How do these blank passwords get into mysql.user?

Philip, you should explicitly specify host/password in the GRANT statement, like this: GRANT ALL ON xxx.* TO user@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; This way the user will only granted access from the specified host, you don't need to manually INSERT into the user table.

RE: Security concerns on webserver with PHP & InnoDB

> -Original Message- > From: BD [mailto:[EMAIL PROTECTED]] > Sent: 18 February 2002 21:31 > To: [EMAIL PROTECTED] > Subject: Security concerns on webserver with PHP & InnoDB > > > I'm creating a web application with MySQL, PHP, InnoDB and I need to know > whether I should split the one l

Re: Security hole in mysqlhotcopy?

Ooops! Sorry, I tested it and it doesn't work! Sorry for misleading you... ;-) Bogdan Bogdan Stancescu wrote: > mysqlhotcopy -uroot -p test . > > Philip Mak wrote: > > > On Sun, 30 Dec 2001, Bogdan Stancescu wrote: > > > > > You can usually try providing an empty -p parameter and be asked for t

Re: Security hole in mysqlhotcopy?

mysqlhotcopy -uroot -p test . Philip Mak wrote: > On Sun, 30 Dec 2001, Bogdan Stancescu wrote: > > > You can usually try providing an empty -p parameter and be asked for the > > password afterwards. > > Doesn't seem to work: > > [mysql@lina mysql]$ mysqlhotcopy -u root -p "" test . > DBI->connec

Re: Security hole in mysqlhotcopy?

On Sun, 30 Dec 2001, Bogdan Stancescu wrote: > You can usually try providing an empty -p parameter and be asked for the > password afterwards. Doesn't seem to work: [mysql@lina mysql]$ mysqlhotcopy -u root -p "" test . DBI->connect(;host=localhost;mysql_read_default_group=mysqlhotcopy) failed:

Re: Security hole in mysqlhotcopy?

You can usually try providing an empty -p parameter and be asked for the password afterwards. Bogdan Philip Mak wrote: > As far as I can tell, mysqlhotcopy does not provide a way of specifying > the password anywhere other than the command line (e.g. it doesn't seem > to read .my.cnf). --

Re: Security problem in Access database

Jack writes: > 1. What should i do if i want to limit the user which can only edit the > record belongs to him/her. i mean user can only update to his own record but > not the others!! This sort of security is best handled at the application level. If you don't want your users to access the dat

Re: Security using ODBC

try driver vbmysql.dll at www.icarz.com/mysql/index.html SF At 16:00 24/8/2001 +0800, Jason Kwok wrote: >Hi, > > I want to write a program with VB in win98 box and connect to mySQL in >Linux. I think the only way to do is to connect thru ODBC with myODBC. But >with using ODBC, all ID & passw

Re: Security problem with 3.23.38

Hi! > "Sinisa" == Sinisa Milivojevic <[EMAIL PROTECTED]> writes: Sinisa> Robert Cross writes: >> >> I've got a wierd problem with 3.23.38, built from source, running on RedHat >> v6.2 (Intel). Put simply the wildcard character for user access doesn't >> work. From my reading of the docs an

Re: Security problem with 3.23.38

Robert Cross writes: > > > I wrote: > >Try first granting USAGE on *.* to both users with 'identified by ...' > >and then try granting database rights. > > Thanks Sinisa, that works perfectly. I've now got a wonderful small and > fast database > that I can let the users into! > > Bob Cross. Y

Re: Security problem with 3.23.38

I wrote: >> I've got a wierd problem with 3.23.38, built from source, running on RedHat >> v6.2 (Intel). Put simply the wildcard character for user access doesn't >> work. From my reading of the docs any of the following: >> grant all on mtdb.* to user1 identified by "bozo1"; >> grant

Re: Security problem with 3.23.38

Robert Cross writes: > > I've got a wierd problem with 3.23.38, built from source, running on RedHat > v6.2 (Intel). Put simply the wildcard character for user access doesn't > work. From my reading of the docs any of the following: > > grant all on mtdb.* to user1 identified by "bozo1"; >

RE: Security problems - Very Newbie!

> C:\>mysql grant all on *.* to administrator@sara identified by "delboy" Try this: C:\>mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 463668 to server version: 3.23.39-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> grant a

Re: Security

ROTECTED]> To: "Michael Tam" <[EMAIL PROTECTED]> Sent: Tuesday, July 10, 2001 12:00 PM Subject: Re: Security > Your first security problem is using Microsoft NT/2000. Switch to linux > 2.2.18/+ as a solution. > > Mark > > Michael Tam wrote: > > > >

Re: Security

Hello. On Wed, Jun 20, 2001 at 12:36:28PM +0100, [EMAIL PROTECTED] wrote: > Hi folks, > > How come I can access databases on my server using an illegal username and > password combination with the MySQL GUI? The username and password are valid > on the server but should only work on localhost an

Re: Security, ownership and daemon startup

Dear Y'all - Paul DuBois writes: > At 9:53 AM -0400 5/9/01, Brian Cuttler wrote: > > > >The developers that want to use the database would like ownership > >of the files and daemon so that they can modify and restart at will. > > Tell them to pick one of their accounts to be used for run

Re: Security, ownership and daemon startup

At 9:53 AM -0400 5/9/01, Brian Cuttler wrote: >Hello, > >We are installing MySQL 3.22.21 as pre-built for IRIX, installing >on IRIX 6.5.7m. > >The developers that want to use the database would like ownership >of the files and daemon so that they can modify and restart at will. Tell them to pick

Re: Security

On 4/9/01 10:12 AM, "Burke Patrick" <[EMAIL PROTECTED]> wrote: > Hi Lindsay, > > maybe you can help me? > > I am trying to give a user SELECT access to just one table in my database. > If I don't give him SELECT privileges in the mysql.user table or mysql.db > table, he cannot even login to the

Re: Security

"Ashley M. Kirchner" wrote: > > Okay, I'm about to rip my hair out trying to figure this out, and I > thought before I start looking for a gun, maybe I should ask.. > > I need someone to explain the 'mysql' database to me. I've tried > reading about it, tried different settings, but I'm

Re: Security

There's some good documentation (a lot of it in the form of 'warnings') on security aspects of the "mysql" database. http://mysql.com/documentation/mysql/bychapter/manual_Privilege_system.html#Privilege_system But, here's some quick notes: Anyone who has 'modify' permissions to the "mysql"

Re: Security

"Thalis A. Kalfigopoulos" wrote: > I haven't read Mysql's authorization mechanism from Paul's book, but from the >Oreilly book and it was pretty comprehensive and intuitive. I suggest you borrow that >book from your local library or buy it. Ya, it's already on its way...(the book that is).

Re: Security

Ashley, Are you using the GRANT statement? That is the easiest way to get it right. Read up on the GRANT SQL statement. Look at the examples... Using regular inserts into the mysql database, can cause improper input into the tables, which can (from personal experience) cause mysqld to not run.

  1   2   >