RE: Access denied for user 'root'@'localhost' (using password: NO)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Technical Director
Sent: Thursday, February 03, 2005 3:47 AM
To: Ted Mittelstaedt
Cc: Positive Negative; freebsd-questions@freebsd.org; Technical Director
Subject: RE: Access denied for user 'root'@'localhost' (using password: NO)

On Thu, 3 Feb 2005, Ted Mittelstaedt wrote:

Do you run php database driven apps on the same server as you use to provide shell services? I don't. If the webserver is configured right it won't allow remote clients to read the scripts, only execute them.

Ted, Shared hosting sites, in my experience anyways which I will grant doesn't mean much, is that your ftp access gives you:

    -rw-r--r-- {$your_name} {$web_group} somefile.php

where {$web_group} is a common group that everyone belongs to and other is always readable just cause it's easier leaving the file/directory mask as is.

Yes I see. I might also submit that the ISP dumb enough to give a customer the root userID and password on the mysql server that they are running on that shared server deserves what they get.

Meaning that if you can cd to some other user's dir you can read that file. As well, in the case of php at least, web use of php does not require the execute bit to be set at all, only the read bit.

Yes, that is a good point - but I wasn't referring to that though. The webserver should know that if it's got a .php extension that it's supposed to run the file, not give it out plaintext to some remote bozo with a web browser.

Again I speak for web use php scripts.

It is true that if you have a shared server setup with php, and you are selling/giving/whatever customer access to php on this server, that a customer foolish enough to have a php script setup world-readable that has his database name and userID and password in it, is basically allowing any other customer that has access to this server, access to his database. And that other customer through ignorance or malice could wipe out the first customer's data. Of course, this doesn't compromise any other customer's database on that mysql server as we are presuming that the ISP has issued individual userIDs and passwords for each database to every customer. (NOT the root password)

Speaking as an ISP I would say if this happened to one of our customers I would pretty much have the attitude of too bad, not our problem as this would have meant that the customer with the trashed database would have not actually bothered to read the information packet we gave to him when he first requested php access on his shared site. I think most other ISPs would have the same attitude. We're a nasty bunch.

To me, [EMAIL PROTECTED] pretty much implied that the poster was managing the mysql server. I cannot imagine him having this kind of access on a shared server. (at least, not on one that was run by any halfway competent ISP that is)

Actually as a point of fact about once a quarter I have a customer e-mail me that he thinks that we must not have any security on our shared webserver since he can do a cd ../ then ls -l and see everyone's files. (we give shell access on some of our shared webservers) That is the time I explain that it's really none of our business if a customer chooses to exercise their right to NOT change the permissions bits on their files. That usually quiets the smart guy down especially after I explain that he's quite obviously chosen not to change the permissions bits on his own files as well. :-)

Ted

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
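
The permission problem discussed in the message above can be checked mechanically. The following is an added example, not code from any poster in this thread: a shell function that lists PHP files under a docroot which contain credential assignments and are readable by other local accounts, either through the other-read bit or through a group every customer belongs to. The `$S_userName` and `$S_passInfo` names appear elsewhere in the thread; the `db_*` names, the function name and the output format are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): list PHP files under a docroot that
# hold database credentials and are readable by other local accounts.

# $S_userName / $S_passInfo are the names used in the thread; the db_* names
# are assumed spellings, adjust them for the application being audited.
CRED_RE='\$(S_userName|S_passInfo|db_login|db_password)[[:space:]]*='
ROOT_RE="=[[:space:]]*['\"]root['\"]"

# audit_docroot DIR [SHARED_GROUP]   (hypothetical helper name)
# Prints one line per finding:
#   <why> <mode> <owner>:<group> <path>[ root-login]
# <why> is "other" when the other-read bit is set, or "group" when the file
# is group-readable and its group is SHARED_GROUP, i.e. a group that every
# customer belongs to. "root-login" marks a file that assigns 'root'.
audit_docroot() {
    dir=$1
    shared=${2:-}
    find "$dir" -type f -name '*.php' | while IFS= read -r f; do
        grep -Eq "$CRED_RE" "$f" 2>/dev/null || continue
        # Word-split the long listing: $1=mode, $3=owner, $4=group.
        set -- $(ls -ld "$f")
        mode=$1 owner=$3 group=$4
        case $mode in
            ???????r*) why=other ;;
            ????r*)
                [ -n "$shared" ] && [ "$group" = "$shared" ] || continue
                why=group ;;
            *) continue ;;
        esac
        flag=
        if grep -Eq "$ROOT_RE" "$f"; then flag=' root-login'; fi
        printf '%s %s %s:%s %s%s\n' "$why" "$mode" "$owner" "$group" "$f" "$flag"
    done
}
```

Run it from an account that can descend into every customer directory. A `group` finding only matters when the named group really is shared by all customers, as in the `{$web_group}` layout described above.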
RE: Access denied for user 'root'@'localhost' (using password: NO)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Technical Director
Sent: Wednesday, February 02, 2005 8:15 PM
To: Positive Negative
Cc: freebsd-questions@freebsd.org
Subject: Re: Access denied for user 'root'@'localhost' (using password: NO)

Positive Negative, You might seriously consider not using '[EMAIL PROTECTED]' as well

I would bet 10 to 1 that he's installing an application that already is designed NOT to use the mysql root user to access its database. This is a case of someone who isn't understanding the design of the app he's setting up. It worked only because he was running an out-of-box sql server install which had nothing for a root password. He probably misread the instructions and used root instead of the username that he was supposed to use.

since most php scripts read the username/password information in clear text on a nobody:nobody read filesystem. IOW other people can read your files.

Do you run php database driven apps on the same server as you use to provide shell services? I don't. If the webserver is configured right it won't allow remote clients to read the scripts, only execute them.

Ted
Re: Access denied for user 'root'@'localhost' (using password: NO)
Try these links:

http://dev.mysql.com/doc/mysql/en/privileges.html
http://dev.mysql.com/doc/mysql/en/can-not-connect-to-server.html
http://dev.mysql.com/doc/mysql/en/request-access.html
http://dev.mysql.com/doc/mysql/en/privilege-system.html

--Nick

On Wed, 2 Feb 2005 18:41:40 -0800, Positive Negative [EMAIL PROTECTED] wrote:

Warning: Access denied for user 'root'@'localhost' (using password: NO) in /usr/local/www/sites/bender69/webcal/includes/php-dbi.php on line 48
Error connecting to database: Access denied for user 'root'@'localhost' (using password: NO)

OK, how do I change it back.

    /usr/local/bin/mysqladmin -u root password

This is where it got messed up, how do I fix it?

-- AIM: FucPsSht
Re: Access denied for user 'root'@'localhost' (using password: NO)
Positive Negative,

You might seriously consider not using '[EMAIL PROTECTED]' as well since most php scripts read the username/password information in clear text on a nobody:nobody read filesystem. IOW other people can read your files.

Possibly making the username/password somewhat cryptic, say writing a function to dizzify the usually clear text or at least setting up a specific user/pass combination for specific databases is a very good idea.

eg:

    $S_userName=__callDizzyFunc();
    $S_passInfo=__callDizzyFunc();

At least this is SOMEWHAT more protective than:

    $S_userName='root';
    $S_passInfo='password';

2 cents.

Rob.

On Wed, 2 Feb 2005, Positive Negative wrote:

Warning: Access denied for user 'root'@'localhost' (using password: NO) in /usr/local/www/sites/bender69/webcal/includes/php-dbi.php on line 48
Error connecting to database: Access denied for user 'root'@'localhost' (using password: NO)

OK, how do I change it back.

    /usr/local/bin/mysqladmin -u root password

This is where it got messed up, how do I fix it?

-- AIM: FucPsSht