Hello.
Searching in the manual didn't return me any pages which have
"five-tiered" inside. If you're interested in MySQL security read
this:
http://dev.mysql.com/doc/refman/5.0/en/security.html
http://dev.mysql.com/doc/refman/5.0/en/privilege-system.html
&g
I get a concept about mysql security. It's named "five-tiered access
control".Can you tell me the detail of this concept?
Hello everyone'
I'm interesting and working in IT security and have to do some security test.
Sometime there is a oracle DB, sometime, it's about mySQL.
I found a lot a free scripts'n' tools to check the oracle security
level but i' did not find any for mySQL.
I only found a '.c' file which try
There is a bot active on the internet that is infecting Windows machines
running MySQL Server:
http://isc.sans.org/diary.php?isc=a508f4a185755af19ea8bd45444a570b
An alert with background information is already available on:
http://dev.mysql.com/tech-resources/articles/security_alert.html
The
s to one database(one directory). They
> will work normally. I don't know my operation is correct or not. And I
> want to get more suggestions about mysql security, more details
> better.
>
> Look forward to hearing from you, thanks lot.
To ask a correct question you should know h
know my operation is correct or not. And I
want to get more suggestions about mysql security, more details
better.
Look forward to hearing from you, thanks lot.
Michael
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[
Sheraz <[EMAIL PROTECTED]> wrote:
> How can i achieve Security acpect in mysql?
> How secure can we make transactions over internet for
> 3306 ?
Use SSL.
--
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.net http://www.ensita
How can i achieve Security acpect in mysql?
How secure can we make transactions over internet for
3306 ?
Thanks
Sak
__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
--
MySQL General
Thank you Victoria and Mikhail.
thanks a lot
Victoria Reznichenko <[EMAIL PROTECTED]> wrote:
Timotius Alfa wrote:
>
> Hi All,
>
> I'm newbie in MYSQL. Would please tell me about Mysql Security ?
>
> I used Windows2000 for mysql server.
>
Privilege sys
Timotius Alfa <[EMAIL PROTECTED]> wrote:
>
> Hi All,
>
> I'm newbie in MYSQL. Would please tell me about Mysql Security ?
>
> I used Windows2000 for mysql server.
>
Privilege system of MySQL is described in the following section of the manual:
Hi,
> I'm newbie in MYSQL. Would please tell me about Mysql Security ?
Generally you can find a lot of information about MySQL on
http://www.mysql.com/doc/en/
About your question you can read here:
http://www.mysql.com/doc/en/Privilege_system.html
Mikhail.
- Original Message ---
Hi All,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
I used Windows2000 for mysql server.
thank you
-
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
nt: Saturday, April 05, 2003 9:38 AM
To: [EMAIL PROTECTED]
Subject: MySQL & security
I'm running MySQL 4.0.12-standard on Mac OS X (10.2.4), for local use
only. As no-one else needs access to the database, I'm trying to make
it as secure as possible... so far I've added skip-na
I'm running MySQL 4.0.12-standard on Mac OS X (10.2.4), for local use
only. As no-one else needs access to the database, I'm trying to make
it as secure as possible... so far I've added skip-name-resolve,
skip-networking and safe-user-create into my.cnf. I've also seen
bind-ip=127.0.0.1 mention
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Thu, 19 Dec 2002, Michael Widenius wrote:
> With 'DROP DATABASE database_name'.
> Through the depricated client function 'mysql_drop_db()'.
>
> The first case works correct but in the second case the grant check
> is not done. I tracked this
Hi!
Mark> Hi,
Gary> I'd like to add to the "security flaw" thread with my own experience.
Gary> I have been hosting MySQL databases for over 2 years and on a few occasions
Gary> have had user databases disappear.
Gary> Last month one of my admin databases was dropped. The only user
http://iConnect.de>
Heesestr. 6, 12169 Berlin (Germany)
Telefon: +49 30 7970948-0 Fax: +49 30 7970948-3
- Original Message -
From: "Csongor Fagyal" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 18, 2002 11:33 AM
Subject: Re: MySQL sec
18, 2002 5:34 AM
> To: [EMAIL PROTECTED]
> Subject: Re: MySQL security flaws uncovered
>
>
> Michael She wrote:
>
> > It's bad for business : )
> >
> > Maybe they're taking the MS route.
>
> I second this. These vulnerabilities are serious, t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
thanks for your message.
On Wed, 18 Dec 2002, Gary Huntress wrote:
> I'd like to add to the "security flaw" thread with my own experience. I
> have been hosting MySQL databases for over 2 years and on a few
> occasions have had user databases di
Hi,
I'd like to add to the "security flaw" thread with my own experience.
I have been hosting MySQL databases for over 2 years and on a few occasions
have had user databases disappear.
Last month one of my admin databases was dropped. The only user who has
access to that database is root
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 18 Dec 2002, Csongor Fagyal wrote:
> Michael She wrote:
>
> > It's bad for business : )
> > Maybe they're taking the MS route.
>
> I second this. These vulnerabilities are serious, they must be given
> more attention. Apache, PHP, RedHat and s
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and so on are very careful
with issues like this, all vulnerabilities/exploits are immediately
p
It's bad for business : )
Maybe they're taking the MS route.
At 12:19 AM 12/18/2002 -0500, Michael Bacarella wrote:
A good question posted to another list..
forwarded message follows
> Several vulnerabilities have been found in the MySQL database system, a
> light database package c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 18 Dec 2002, Michael Bacarella wrote:
> A good question posted to another list..
>
> forwarded message follows
>
> > Several vulnerabilities have been found in the MySQL database system,
> > a light database package commonly used in
A good question posted to another list..
forwarded message follows
> Several vulnerabilities have been found in the MySQL database system, a
> light database package commonly used in Linux environments but which runs
> also on Microsoft platforms, HP-Unix, Mac OS and more.
> http://zdne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Tue, 17 Dec 2002, Jannie Qu wrote:
> I got the following information. Does any one of you know whether it
> will impact my MySQL db server or not: Version 3.23.53 with InnoDB on
> Mac OS Darwin Kernel Version 6.2. If it does, what's the soluti
Hi, all,
sql, query.
Greetings.
I got the following information. Does any one of you know whether it will
impact my MySQL db server or not: Version 3.23.53 with InnoDB on Mac OS
Darwin Kernel Version 6.2. If it does, what's the solution?
Thank you,
Jannie Qu
==
as apache.
Now, my problem is that I am paranoid about hackers who are able to break
in through apache and assume the user "apache". Who can then issue
mysql "selects" and "inserts" on the cookies table.
Does anyone have pointers to mysql security docs and such where I c
On Tue, Jul 16, 2002 at 02:51:59PM +0200, Mathias Bertelsen wrote:
> Hello
>
> Do you think MySQL is secure enough to keep peoples bookkeeping in?
> is it safe enough to use without risk of losing important data? Is
> it necessary to do anything to make it secure? (eg. use of
> transactions/backu
, 2002 8:51 AM
Subject: MySQL security
>
> Hello
>
> I have a question for all you MySQL people out there
>
> We are a group of people planning to make a small open source
> ERP/accounting/finance program. We have earlier used MySQL to great
> satisfaction in other areas
Hello
I have a question for all you MySQL people out there
We are a group of people planning to make a small open source
ERP/accounting/finance program. We have earlier used MySQL to great
satisfaction in other areas and would like to use it here. My question is:
Do you think MySQL is secure en
On Tue, 16 Apr 2002, David Ayliffe wrote:
> Are MySQL really going to give you details of their past security
> 'issues'?
>
> Think about it. Try going underground and looking on some exploit
> sites.
>
> DA
>
>
> >
> Hi,
> I'm working on security breaches in MySQL. Can someone guide me i
Are MySQL really going to give you details of their past security
'issues'?
Think about it. Try going underground and looking on some exploit
sites.
DA
>
Hi,
I'm working on security breaches in MySQL. Can someone guide me in this.
To be precise can you tell me about some literature, some
Hi,
I'm working on security breaches in MySQL. Can someone guide me
in this. To be precise can you tell me about some literature,
some book which is easy to understand and also profound ! If
anyone is working on that, I'll be more than happy to interact.
Thanking you.
Paras.
- Original Message -
From: <[EMAIL PROTECTED]>
To: Michael Vejs <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 12:45 PM
Subject: Re: MySQL security on Win2k server ??
> Your message cannot be posted because it appears to be either spam or
> simply off topic
rtigas Center
Pasig City
Tel: (632) 634-5141/ (632) 634-5140
Fax: (632) 634-5139
- Original Message -
From: "Gerald R. Jensen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 08, 2002 11:25 AM
Subject: Re: mySQL security
> Dear "- -&quo
eate a user for yourself and give it
full permissions, then use it to administer teh database.
Gerald Jensen
- Original Message -
From: "- -" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 07, 2002 9:13 PM
Subject: mySQL security
Hi all,
I have s
Hi all,
I have set up mySQL database server on my web server running on RH Linux7.2.
There are 2 user accounts, root and dummy who can access to databases. I'm
wondering how to restrict the accesss to mysql (the db which stores user id,
password, etc...). Right now, both users can run select, de
> Hi!
>
> On Oct 28, Kevin Maynard wrote:
> > I have been building an extensive dB with MySQL for a large Insurance
> > Company and am nearing the completion stage. I have build several PHP
> > forms to show the preliminary pages to the various groups who will be
> > using this dB.
> >
> > I have
Hi!
On Oct 28, Kevin Maynard wrote:
> I have been building an extensive dB with MySQL for a large Insurance
> Company and am nearing the completion stage. I have build several PHP
> forms to show the preliminary pages to the various groups who will be
> using this dB.
>
> I have created the
Monday, 29 October 2001 11:52 a.m.
To: [EMAIL PROTECTED]
Subject: MySQL Security w/ PHP
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using this dB.
I have created the sign-in page where each user has types in their I
> The fact that he has logged on should not require him to specify
> password again.
This fact means: when a user is logged in, he is allowed to use the
mysql-server:
use this one:( every logged -on -user on localhost has all rights to
every base and table without pw)
GRANT USAGE ON *.*
TO "
-- Forwarded message --
Date: Thu, 26 Jul 2001 13:15:06 -0400 (EDT)
From: sachin shetty <[EMAIL PROTECTED]>
To: Christian Grimm <[EMAIL PROTECTED]>
Subject: Re: Mysql Security
Thanks Christian
But when a user connects to the server isnt it mandatory to specify
Hello my friend,
shure its possible!
additional you can insert into the user table of mysql the encryptet
Password-Hash of your local
etc.shadow-Phile to verify the correct Password and authenticate the the
user.
Hope it helps
Christian
sachin shetty wrote:
> Hello
>
> Is it possible to auth
Hello
Is it possible to authenticate a user running mysql client by comparing
the unix username($LOGNAME) with the user table in mysql.It seems more
secure than specifying the authenticaton parameters in a configuation
file or along with the client.
Thanks
Sachin
---
On Fri, 8 Jun 2001, nyon wrote:
> I installed MySQL on Windows NT.
> Currently, I login in using annoyomous user.
> I can't seem to login in as root user.
> The syntax is : mysql -u root -p xxx
With the above command mysql thinks you are trying to access
database xxx using a password to be spec
I installed MySQL on Windows NT.
Currently, I login in using annoyomous user.
I can't seem to login in as root user.
The syntax is : mysql -u root -p xxx
It's seems funny as I can see the root password in the MySQL database --> user table.
Any help ?
Nyon
TED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: MySQL Security
>
> > Make sure that the files are not world readable.
>
> In Linux system, In order to run CGI in PERL script, that perl script
> must be 755. It is read by any users and Perl is written in text format, so
&
Taing Nguon wrote:
>
> > Make sure that the files are not world readable.
>
> In Linux system, In order to run CGI in PERL script, that perl script
> must be 755. It is read by any users and Perl is written in text format, so
> Its is easy to know user and password of MYSQL. How do you think
"Taing Nguon" <[EMAIL PROTECTED]> wrote:
>
> > Make sure that the files are not world readable.
>
> In Linux system, In order to run CGI in PERL script, that perl script
> must be 755. It is read by any users and Perl is written in text format, so
No entirely true. The reason the files are
ELP
Million of thanks
Regards
Taing Nguon
> On Tue, 3 Apr 2001, Taing Nguon wrote:
>
> > Date: Tue, 3 Apr 2001 09:52:30 +0700
> > From: Taing Nguon <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: MySQL Security
> >
> > Dear sir or madam
> I would think that if the user does not have grant options set on the
> particular DB in the mysql.db table, then he would not be able to access
it
> using DBI, even if he is a local user.
I have already tried to do it by myself. and I found that although any user
has no MYSQL user's account,
Make sure that the files are not world readable.
On Tue, 3 Apr 2001, Taing Nguon wrote:
> Date: Tue, 3 Apr 2001 09:52:30 +0700
> From: Taing Nguon <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: MySQL Security
>
> Dear sir or madam
>
> MySQL user'
Taing Nguon wrote:
>
> Dear sir or madam
>
> MySQL user's account is not related to user's account on Linux System, so they
>can be different.
>
> My problem is that I use perl DBI to interact MySQL server as belows:
>
> --
> use DBI;
> $dbh = DBI->connect("DBI:mysql:DatabaseName","$u
Dear sir or madam
MySQL user's account is not related to user's account on Linux System, so they can
be different.
My problem is that I use perl DBI to interact MySQL server as belows:
--
use DBI;
$dbh = DBI->connect("DBI:mysql:DatabaseName","$user","$password");
---
So $user and
Hi!
On Jan 15, Nicolas GREGOIRE wrote:
>
>
> Sergei Golubchik a Ucrit :
> >
> > Hi!
> >
> > On Jan 12, JoUo Gouveia wrote:
> > > Hi,
> > >
> > > I believe i've found a problem in MySql. Here are some test's i've made in
> > > 3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
Sergei Golubchik a écrit :
>
> Hi!
>
> On Jan 12, João Gouveia wrote:
> > Hi,
> >
> > I believe i've found a problem in MySql. Here are some test's i've made in
> > 3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
> > debug it, just tested to see if crashes ).
>
> Confirm
Hi!
On Jan 12, João Gouveia wrote:
> Hi,
>
> I believe i've found a problem in MySql. Here are some test's i've made in
> 3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
> debug it, just tested to see if crashes ).
Confirmed up to latest 3.23
This will be fixed ASAP!
Th
Hi,
I believe i've found a problem in MySql. Here are some test's i've made in
3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
debug it, just tested to see if crashes ).
On one terminal:
spike:/var/mysql # /sbin/init.d/mysql start
Starting service MySQL.
Starting mysqld
60 matches
Mail list logo