RE: Access denied for user 'root'@'localhost' (using password: NO)

2005-02-04 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Technical
 Director
 Sent: Thursday, February 03, 2005 3:47 AM
 To: Ted Mittelstaedt
 Cc: Positive Negative; freebsd-questions@freebsd.org;
 Technical Director
 Subject: RE: Access denied for user 'root'@'localhost' (using password:
 NO)



 On Thu, 3 Feb 2005, Ted Mittelstaedt wrote:

  Do you run php database driven apps on the same server as you use to
  provide shell services?  I don't.  If the webserver is configured
  right it won't allow remote clients to read the scripts, only execute
  them.

 Ted,

 Shared hosting sites, in my experience anyways which I will grant doesn't
 mean much, is that your ftp access gives you:

 -rw-r--r-- {$your_name} {$web_group} somefile.php

 where {$web_group} is a common group that everyone belongs to and other
 is always readable just cause it's easier leaving the file/directory mask
 as is.


Yes I see.  I might also submit that the ISP dumb enough to give a
customer the root userID and password on the mysql server that
they are running on that shared server deserves what they get.

 Meaning that if you can cd to some other user's dir you can
 read that file.

 As well, in the case of php at least, web use of php does not require the
 execute bit to be set at all, only the read bit.


Yes, that is a good point - but I wasn't referring to that though.
The webserver should know that if it's got a .php extension that
it's supposed to run the file, not give it out plaintext to some
remote bozo with a web browser.

 Again I speak for web use php scripts.


It is true that if you have a shared server setup with php, and you
are selling/giving/whatever customer access to php on this server,
that a customer foolish enough to have a php script setup world-readable
that has his database name and userID and password in it,
is basically allowing any other customer that has access to this
server, access to his database.  And that other customer through
ignorance or malice could wipe out the first customer's data.  Of course,
this doesn't compromise any other customer's database on that mysql server
as we are presuming that the ISP has issued individual userID's and
passwords for each database to every customer.  (NOT the root password)

Speaking as an ISP I would say if this happened to one of our customers
I would pretty much have the attitude of too bad, not our problem
as this would have meant that the customer with the trashed database
would have not actually bothered to read the information packet we
gave to him when he first requested php access on his shared site.
I think most other ISPs would have the same attitude.  We're a nasty
bunch.

To me, [EMAIL PROTECTED] pretty much implied that the poster was
managing the mysql server.  I cannot imagine him having this
kind of access on a shared server.  (at least, not on one that was
run by any halfway competent ISP that is)

Actually as a point of fact about once a quarter I have a customer
e-mail me that he thinks that we must not have any security on our
shared webserver since he can do a cd ../ then ls -l and see everyone's
files.  (we give shell access on some of our shared webservers)  That
is the time I explain that it's really none of our business if a customer
chooses to exercise their right to NOT change the permissions bits
on their files.  That usually quiets the smart guy down
especially after I explain that he's quite obviously chosen not to
change the permissions bits on his own files as well. :-)

Ted

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
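
The permission problem discussed in the message above (`-rw-r--r--` PHP files holding database credentials on a shared server), as an added example that is not part of the original thread: a shell audit that lists PHP files readable by other local accounts, flags those that appear to embed credentials, and removes the `other` bits. The function names, the credential pattern and the sample tree are constructed for illustration, and it assumes the web server reads the files through owner or group permissions rather than `other`.

```shell
#!/bin/sh
# Added example (not from the thread): audit PHP files that any local
# account can read, as in the "-rw-r--r--" listing discussed above.

# Print PHP files under $1 whose "other" read bit is set.
list_exposed() {
    find "$1" -type f -name '*.php' -perm -004 -print | sort
}

# Of those, print the ones that appear to embed database credentials.
# The pattern is a heuristic chosen for this example.
creds_exposed() {
    list_exposed "$1" | while IFS= read -r f; do
        if grep -Eqi 'mysql_connect|pass(word|info)?[[:space:]]*=' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove all access for "other" from the exposed files. Assumes the web
# server still reads them through owner or group permissions.
lock_down() {
    list_exposed "$1" | while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Build a constructed two-customer tree; prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/alice" "$d/bob"
    printf '%s\n' '<?php $S_userName="webcal"; $S_passInfo="constructed"; ?>' \
        > "$d/alice/config.php"
    printf '%s\n' '<?php echo "hello"; ?>' > "$d/bob/index.php"
    chmod 755 "$d" "$d/alice" "$d/bob"
    chmod 644 "$d/alice/config.php" "$d/bob/index.php"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "readable by other:";          list_exposed "$tree"
echo "...and holding credentials:"; creds_exposed "$tree"
lock_down "$tree"
echo "still exposed after lock_down: $(list_exposed "$tree" | wc -l)"
rm -rf "$tree"
```

Where the web group is one that every customer belongs to, as described in the thread, the group read bit exposes the file in the same way and has to be handled too.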


RE: Access denied for user 'root'@'localhost' (using password: NO)

2005-02-03 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Technical
 Director
 Sent: Wednesday, February 02, 2005 8:15 PM
 To: Positive Negative
 Cc: freebsd-questions@freebsd.org
 Subject: Re: Access denied for user 'root'@'localhost' (using password:
 NO)



 Positive Negative,

 You might seriously consider not using '[EMAIL PROTECTED]' as
 well

I would bet 10 to 1 that he's installing an application that already
is designed NOT to use the mysql root user to access its database.
This is a case of someone who isn't understanding the design of
the app he's setting up.  It worked only because he was running an
out-of-box sql server install which had nothing for a root password.
He probably misread the instructions and used root instead of the
username that he was supposed to use.

 since most
 php scripts read the username/password information in clear text on a
 nobody:nobody read filesystem. IOW other people can read your files.


Do you run php database driven apps on the same server as you use to
provide shell services?  I don't.  If the webserver is configured
right it won't allow remote clients to read the scripts, only execute
them.

Ted



Re: Access denied for user 'root'@'localhost' (using password: NO)

2005-02-02 Thread Nick Pavlica
Try these links:

http://dev.mysql.com/doc/mysql/en/privileges.html

http://dev.mysql.com/doc/mysql/en/can-not-connect-to-server.html

http://dev.mysql.com/doc/mysql/en/request-access.html

http://dev.mysql.com/doc/mysql/en/privilege-system.html

--Nick

On Wed, 2 Feb 2005 18:41:40 -0800, Positive Negative
[EMAIL PROTECTED] wrote:
 Warning: Access denied for user 'root'@'localhost' (using password:
 NO) in /usr/local/www/sites/bender69/webcal/includes/php-dbi.php on
 line 48
 Error connecting to database:
 
 Access denied for user 'root'@'localhost' (using password: NO)
 
 
 
 OK, how do i change it back.
 
 /usr/local/bin/mysqladmin -u root password
 
 This is where it got messed up
 
 how do i fix it?
 
 --
  AIM: FucPsSht


Re: Access denied for user 'root'@'localhost' (using password: NO)

2005-02-02 Thread Technical Director

Positive Negative,

You might seriously consider not using '[EMAIL PROTECTED]' as well since most
php scripts read the username/password information in clear text on a
nobody:nobody read filesystem. IOW other people can read your files.

Possibly making the username/password somewhat cryptic, say writing a
function to dizzify the usually clear text or at least setting up a
specific user/pass combination for specific databases is a very good idea.

eg:

$S_userName=__callDizzyFunc();
$S_passInfo=__callDizzyFunc();

At least this is SOMEWHAT more protective than:

$S_userName='root';
$S_passInfo='password';

2 cents.

Rob.

On Wed, 2 Feb 2005, Positive Negative wrote:

 Warning: Access denied for user 'root'@'localhost' (using password:
 NO) in /usr/local/www/sites/bender69/webcal/includes/php-dbi.php on
 line 48
 Error connecting to database:

 Access denied for user 'root'@'localhost' (using password: NO)


 

 OK, how do i change it back.

 /usr/local/bin/mysqladmin -u root password

 This is where it got messed up

 how do i fix it?


 --
  AIM: FucPsSht