Re: Security Question

2005-10-03 Thread Armando
If it's a DoS attack then perhaps you should be speaking to your ISP and getting that resolved rather than trying to work around the problem on your side of things! Having said that, you could possibly impose host level restrictions in MySQL, but that could be a lot of work to modify your exis

Re: security question CAN-2005-0709 CAN-2005-0710 CAN-2005-0711

2005-08-17 Thread Jigal van Hemert
[EMAIL PROTECTED] wrote: MySQL has moved WELL past the 3.23.x lineage and is getting close to retiring the 4.0.x lineage (it's only a rumor). So I suggest you update Not completely a rumor; on August 2, Heikki wrote: "As far as I know, one release of 4.0 will still be built." Considering th

Re: security question CAN-2005-0709 CAN-2005-0710 CAN-2005-0711

2005-08-16 Thread Alejandro Gad
I agree with you, I will upgrade. Thanks for the advice. On 8/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > Alejandro <[EMAIL PROTECTED]> wrote on 08/16/2005 03:01:59 PM: > > > > Hi, > > > > I have installed binary mysql version 3.23.58 downloaded from > www.mysql.org. >

Re: security question CAN-2005-0709 CAN-2005-0710 CAN-2005-0711

2005-08-16 Thread SGreen
Alejandro <[EMAIL PROTECTED]> wrote on 08/16/2005 03:01:59 PM: > Hi, > > I have installed binary mysql version 3.23.58 downloaded from www.mysql.org. > In changelog from the documentation say that the release is from > September 2003 and the security bug is in March 2005. > What can I do? How

Re: Security Question

2003-11-27 Thread Sergei Golubchik
Hi! On Nov 27, DeBug wrote: > >>>- Someone copies the DB files to another box, starts a mysql > >>>instance, loads the DB and presto - views the 'private' data !!! > >>> > > PD> Sure. That's why you establish filesystem level access privileges so that > PD> only the mysql user can copy them in t

RE: Security Question

2003-11-27 Thread Andy Eastham
erver would not be too significant? Best regards, Andy > -Original Message- > From: Curley, Thomas [mailto:[EMAIL PROTECTED] > Sent: 26 November 2003 13:22 > To: [EMAIL PROTECTED] > Subject: RE: Security Question > Importance: High > > > thanks for reply - the r

Re: Security Question

2003-11-26 Thread mos
At 03:21 PM 11/26/2003, you wrote: If someone can copy your database files, you're hosed. All the attacker need do is start the server with --skip-grant-tables, and he can connect to it with no password, and has complete access to any files managed by the server. Paul & Curley,

Re: Security Question

2003-11-26 Thread Paul DuBois
At 16:13 -0500 11/26/03, Kevin Carlson wrote: Curley, Thomas wrote: I am trying to find a solution to the following security issue with MySql DB on linux - Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!! As all the ot

Re: Security Question

2003-11-26 Thread Kevin Carlson
Curley, Thomas wrote: I am trying to find a solution to the following security issue with MySql DB on linux - Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!! As all the other posters have mentioned, you should have ti

RE: Security Question

2003-11-26 Thread mos
At 07:22 AM 11/26/2003, you wrote: Another Assumption -- Encrypting / decrypting all data on the fly would be too expensive and grind the app to a halt Not true. There are some databases that can encrypt records on the fly without any speed degradation (< 1%) using either Blowfis

Re: Security Question

2003-11-26 Thread Glenn Stauffer
Stefan Kuhn wrote: To the chap who said it's not a DB issue - I will check with Oracle but I'm sure that dropping in a directory in oracle will not give you full access to a database (a clear one that is) The chap was me :-) I'm sure it does on oracle. Once you have an Oracle installation and

Re: Security Question

2003-11-26 Thread Sergei Golubchik
Hi! On Nov 26, Curley, Thomas wrote: > thanks for reply - the requirement comes from a security audit - so > try to think in terms of a hacker > > Obviously and (I had assumed) > 1.- the files would have tight unix security file permissions > applied > 2.- indeed the key would be stored o

Re: Security Question

2003-11-26 Thread Mikael Fridh
Hacker gets in this way: ->[Webserver][rooted]->[DBServer][rooted]->File_Access(/var/lib/mysql/database) I'd say the "major security breach" is already when the Webserver is rooted.^ If he gets to your webserver he could still read WHATEVER DATA he wants from your database with the information he

Re: Security Question

2003-11-26 Thread Stefan Kuhn
> To the chap who said it's not a DB issue - I will check with Oracle but I'm > sure that dropping in a directory in oracle will not give you full access > to a database (a clear one that is) The chap was me :-) I'm sure it does on oracle. Once you have an Oracle installation and got hold of all da

Re: Security Question

2003-11-26 Thread Duncan Hill
On Wednesday 26 November 2003 13:43, Curley, Thomas wrote: > Mike > > Correct and this is the architecture. The internet facing box has a > routable IP, the DB box is separate and is not ext routable. > > The issue the security review highlighted strongly was the fact that if a > hacker got access

RE: Security Question

2003-11-26 Thread Curley, Thomas
EMAIL PROTECTED] Sent: 26 November 2003 13:36 To: Curley, Thomas; [EMAIL PROTECTED] Subject: RE: Security Question One of the first things that I did at my former job was to turn off all external-facing network adapters to our DB machines. If you're fortunate enough that your DB resides on it

RE: Security Question

2003-11-26 Thread Mike Brum
g location, the more roadblocks you put between a potential hacker and your sensitive data, the better. -M -Original Message- From: Curley, Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 8:22 AM To: [EMAIL PROTECTED] Subject: RE: Security Question Importance: High t

Re: Security Question

2003-11-26 Thread Stefan Kuhn
Thomas > > > > > > > -Original Message- > From: Fagyal, Csongor [mailto:[EMAIL PROTECTED] > Sent: 26 November 2003 12:51 > To: Curley, Thomas > Cc: [EMAIL PROTECTED] > Subject: Re: Security Question > > > Thomas, > > >I am trying to find a sol

Re: Security Question

2003-11-26 Thread Duncan Hill
On Wednesday 26 November 2003 13:22, Curley, Thomas wrote: > Another Assumption > -- > Encrypting / decrypting all data on the fly would be too expensive and > grind the app to a halt > > So the question again :- > > Any ideas on how to avoid having data files stored with abso

RE: Security Question

2003-11-26 Thread Curley, Thomas
solution to this then MySql should not be used on internet accessible boxes for dynamic web sites Thomas -Original Message- From: Fagyal, Csongor [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 12:51 To: Curley, Thomas Cc: [EMAIL PROTECTED] Subject: Re: Security Question Thomas

Re: Security Question

2003-11-26 Thread Fagyal, Csongor
Thomas, I am trying to find a solution to the following security issue with MySql DB on linux - Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!! Well, "someone" should not have access rights to the DB files on the firs

re: Security question

2002-10-28 Thread Egor Egorov
Daniel, Monday, October 28, 2002, 1:06:10 AM, you wrote: DLS> In my mysql.db file, I have some lines like: DLS> %.private | somedb | someuser | Y | Y | Y | Y | Y | Y | N | Y | Y | Y DLS> So, I have an internal domain called private, those hosts are in an DLS> internal DNS, and can be reverse

Re: Security question

2002-08-15 Thread Victoria Reznichenko
Mike, Thursday, August 15, 2002, 12:45:06 AM, you wrote: MH> Hi there, MH> I posted this a few days ago and received no responses, so I thought I would MH> post it again: Mike, I answered you yesterday. MH> Hi All; MH> I am working on a front end to my database, but I am running into a bit of

Re: Security Question

2001-02-27 Thread Donald Korth
LOAD DATA [LOW_PRIORITY] [LOCAL] INFILE 'file_name.txt' [REPLACE | IGNORE] INTO TABLE tbl_name [FIELDS [TERMINATED BY '\t'] [OPTIONALLY] ENCLOSED BY ''] [ESCAPED BY '\\' ]] [LINES TERMINATED BY '\n'] [IGNORE number LINES] [(col_name,...)] The LOAD DATA