If it's a DoS attack then perhaps you should be speaking to your ISP and
getting that resolved rather than trying to work around the problem on
your side of things!
Having said that, you could possibly impose host level restrictions in
MySQL, but that could be a lot of work to modify your exis
[EMAIL PROTECTED] wrote:
MySQL has moved WELL past the 3.23.x lineage and is getting close to
retiring the 4.0.x lineage (it's only a rumor). So I suggest you update
Not completely a rumor; on August 2, Heikki wrote: "As far as I know,
one release of 4.0 will still be built."
Considering th
I agree with you,
I will upgrade.
Thanks for the advice.
On 8/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
>
> Alejandro <[EMAIL PROTECTED]> wrote on 08/16/2005 03:01:59 PM:
>
>
> > Hi,
> >
> > I have installed binary mysql version 3.23.58 downloaded from
> www.mysql.org.
>
Alejandro <[EMAIL PROTECTED]> wrote on 08/16/2005 03:01:59 PM:
> Hi,
>
> I have installed binary mysql version 3.23.58 downloaded from
www.mysql.org.
> In changelog from the documentation say that the release is from
> september 2003 and the security bug is in March 2005.
> What can I do ? How
Hi!
On Nov 27, DeBug wrote:
> >>>- Someone copies the DB files to another box, starts a mysql
> >>>instance, loads the DB and presto - views the 'private' data !!!
> >>>
>
> PD> Sure. That's why you establish filesystem level access privileges so that
> PD> only the mysql user can copy them in t
erver would not be too significant?
Best regards,
Andy
> -Original Message-
> From: Curley, Thomas [mailto:[EMAIL PROTECTED]
> Sent: 26 November 2003 13:22
> To: [EMAIL PROTECTED]
> Subject: RE: Security Question
> Importance: High
>
>
> thanks for reply - the r
At 03:21 PM 11/26/2003, you wrote:
If someone can copy your database files, you're hosed. All the attacker
need do is start the server with --skip-grant-tables, and he can
connect to it with no password, and has complete access to any files
managed by the server.
Paul & Curley,
At 16:13 -0500 11/26/03, Kevin Carlson wrote:
Curley, Thomas wrote:
I am trying to find a solution to the following security issue with
MySql DB on linux
- Someone copies the DB files to another box, starts a mysql
instance, loads the DB and presto - views the 'private' data !!!
As all the ot
Curley, Thomas wrote:
I am trying to find a solution to the following security issue with MySql DB on linux
- Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!!
As all the other posters have mentioned, you should have ti
At 07:22 AM 11/26/2003, you wrote:
Another Assumption
--
Encrypting / decrypting all data on the fly would be too expensive and
grind the app to a halt
Not true. There are some databases that can encrypt records on the fly
without any speed degradation (< 1%) using either Blowfis
Stefan Kuhn wrote:
To the chap who said it's not a DB issue - I will check with Oracle but I'm
sure that dropping in a directory in oracle will not give you full access
to a database (a clear one that is)
The chap was me :-) I'm sure it does on oracle. Once you have an Oracle
installation and
Hi!
On Nov 26, Curley, Thomas wrote:
> thanks for reply - the requirement comes from a security audit - so
> try to think in terms of a hacker
>
> Obviously and (I had assumed)
> 1.- the files would have tight unix security file permissions
> applied
> 2.- indeed the key would be stored o
Hacker gets in this way:
->[Webserver][rooted]->[DBServer][rooted]->File_Access(/var/lib/mysql/database)
I'd say the "major security breach" is already when the Webserver is rooted.
If he gets to your webserver he could still read WHATEVER DATA he wants from
your database with the information he
> To the chap who said it's not a DB issue - I will check with Oracle but I'm
> sure that dropping in a directory in oracle will not give you full access
> to a database (a clear one that is)
The chap was me :-) I'm sure it does on oracle. Once you have an Oracle
installation and got hold of all da
On Wednesday 26 November 2003 13:43, Curley, Thomas wrote:
> Mike
>
> Correct and this is the architecture. The internet facing box has a
> routable IP, the DB box is separate and is not ext routable.
>
> The issue the security review highlighted strongly was the fact that if a
> hacker got access
EMAIL PROTECTED]
Sent: 26 November 2003 13:36
To: Curley, Thomas; [EMAIL PROTECTED]
Subject: RE: Security Question
One of the first things that I did at my former job was to turn off all
external-facing network adapters to our DB machines. If you're fortunate
enough that your DB resides on it
g location, the more
roadblocks you put between a potential hacker and your sensitive data, the
better.
-M
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: RE: Security Question
Importance: High
t
Thomas
>
>
>
>
>
>
> -Original Message-
> From: Fagyal, Csongor [mailto:[EMAIL PROTECTED]
> Sent: 26 November 2003 12:51
> To: Curley, Thomas
> Cc: [EMAIL PROTECTED]
> Subject: Re: Security Question
>
>
> Thomas,
>
> >I am trying to find a sol
On Wednesday 26 November 2003 13:22, Curley, Thomas wrote:
> Another Assumption
> --
> Encrypting / decrypting all data on the fly would be too expensive and
> grind the app to a halt
>
> So the question again :-
>
> Any ideas on how to avoid having data files stored with abso
solution to this then MySql should not be used on internet accessible
boxes for dynamic web sites
Thomas
-Original Message-
From: Fagyal, Csongor [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 12:51
To: Curley, Thomas
Cc: [EMAIL PROTECTED]
Subject: Re: Security Question
Thomas
Thomas,
I am trying to find a solution to the following security issue with MySql DB on linux
- Someone copies the DB files to another box, starts a mysql instance, loads the DB and presto - views the 'private' data !!!
Well, "someone" should not have access rights to the DB files on the
firs
Daniel,
Monday, October 28, 2002, 1:06:10 AM, you wrote:
DLS> In my mysql.db file, I have some lines like:
DLS> %.private | somedb | someuser | Y | Y | Y | Y | Y | Y | N | Y | Y | Y
DLS> So, I have an internal domain called private, those hosts are in an
DLS> internal DNS, and can be reverse
Mike,
Thursday, August 15, 2002, 12:45:06 AM, you wrote:
MH> Hi there,
MH> I posted this a few days ago and received no responses, so I thought I would
MH> post it again:
Mike, I answered you yesterday.
MH> Hi All;
MH> I am working on a front end to my database, but I am running into a bit of
LOAD DATA [LOW_PRIORITY] [LOCAL] INFILE 'file_name.txt' [REPLACE | IGNORE]
INTO TABLE tbl_name
[FIELDS
[TERMINATED BY '\t']
[[OPTIONALLY] ENCLOSED BY '']
[ESCAPED BY '\\' ]]
[LINES TERMINATED BY '\n']
[IGNORE number LINES]
[(col_name,...)]
The LOAD DATA