Hello.
Searching in the manual didn't return me any pages which have
five-tiered inside. If you're interested in MySQL security read
this:
http://dev.mysql.com/doc/refman/5.0/en/security.html
http://dev.mysql.com/doc/refman/5.0/en/privilege-system.html
I get a concept about mysql
I get a concept about mysql security. It's named five-tiered access
control.Can you tell me the detail of this concept?
Hello everyone'
I'm interesting and working in IT security and have to do some security test.
Sometime there is a oracle DB, sometime, it's about mySQL.
I found a lot a free scripts'n' tools to check the oracle security
level but i' did not find any for mySQL.
I only found a '.c' file which try
There is a bot active on the internet that is infecting Windows machines
running MySQL Server:
http://isc.sans.org/diary.php?isc=a508f4a185755af19ea8bd45444a570b
An alert with background information is already available on:
http://dev.mysql.com/tech-resources/articles/security_alert.html
The
). They
will work normally. I don't know my operation is correct or not. And I
want to get more suggestions about mysql security, more details
better.
Look forward to hearing from you, thanks lot.
To ask a correct question you should know half of the answer. :)
For your case, do FLUSH TABLES
my operation is correct or not. And I
want to get more suggestions about mysql security, more details
better.
Look forward to hearing from you, thanks lot.
Michael
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL
Sheraz [EMAIL PROTECTED] wrote:
How can i achieve Security acpect in mysql?
How secure can we make transactions over internet for
3306 ?
Use SSL.
--
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.net
How can i achieve Security acpect in mysql?
How secure can we make transactions over internet for
3306 ?
Thanks
Sak
__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
--
MySQL
Thank you Victoria and Mikhail.
thanks a lot
Victoria Reznichenko [EMAIL PROTECTED] wrote:
Timotius Alfa wrote:
Hi All,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
I used Windows2000 for mysql server.
Privilege system of MySQL is described in the following
Hi,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
Generally you can find a lot of information about MySQL on
http://www.mysql.com/doc/en/
About your question you can read here:
http://www.mysql.com/doc/en/Privilege_system.html
Mikhail.
- Original Message -
From
Timotius Alfa [EMAIL PROTECTED] wrote:
Hi All,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
I used Windows2000 for mysql server.
Privilege system of MySQL is described in the following section of the manual:
http://www.mysql.com/doc/en
Hi All,
I'm newbie in MYSQL. Would please tell me about Mysql Security ?
I used Windows2000 for mysql server.
thank you
-
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
I'm running MySQL 4.0.12-standard on Mac OS X (10.2.4), for local use
only. As no-one else needs access to the database, I'm trying to make
it as secure as possible... so far I've added skip-name-resolve,
skip-networking and safe-user-create into my.cnf. I've also seen
bind-ip=127.0.0.1
To: [EMAIL PROTECTED]
Subject: MySQL security
I'm running MySQL 4.0.12-standard on Mac OS X (10.2.4), for local use
only. As no-one else needs access to the database, I'm trying to make
it as secure as possible... so far I've added skip-name-resolve,
skip-networking and safe-user-create
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Thu, 19 Dec 2002, Michael Widenius wrote:
With 'DROP DATABASE database_name'.
Through the depricated client function 'mysql_drop_db()'.
The first case works correct but in the second case the grant check
is not done. I tracked this down
Hi!
Mark Hi,
Gary I'd like to add to the security flaw thread with my own experience.
Gary I have been hosting MySQL databases for over 2 years and on a few occasions
Gary have had user databases disappear.
Gary Last month one of my admin databases was dropped. The only user
Gary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 18 Dec 2002, Michael Bacarella wrote:
A good question posted to another list..
forwarded message follows
Several vulnerabilities have been found in the MySQL database system,
a light database package commonly used in Linux
It's bad for business : )
Maybe they're taking the MS route.
At 12:19 AM 12/18/2002 -0500, Michael Bacarella wrote:
A good question posted to another list..
forwarded message follows
Several vulnerabilities have been found in the MySQL database system, a
light database package
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and so on are very careful
with issues like this, all vulnerabilities/exploits are immediately
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 18 Dec 2002, Csongor Fagyal wrote:
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and
Hi,
I'd like to add to the security flaw thread with my own experience.
I have been hosting MySQL databases for over 2 years and on a few occasions
have had user databases disappear.
Last month one of my admin databases was dropped. The only user who has
access to that database is root
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
thanks for your message.
On Wed, 18 Dec 2002, Gary Huntress wrote:
I'd like to add to the security flaw thread with my own experience. I
have been hosting MySQL databases for over 2 years and on a few
occasions have had user databases
To: [EMAIL PROTECTED]
Subject: Re: MySQL security flaws uncovered
Michael She wrote:
It's bad for business : )
Maybe they're taking the MS route.
I second this. These vulnerabilities are serious, they must be given
more attention. Apache, PHP, RedHat and so on and so on are
very
(Germany)
Telefon: +49 30 7970948-0 Fax: +49 30 7970948-3
- Original Message -
From: Csongor Fagyal [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 18, 2002 11:33 AM
Subject: Re: MySQL security flaws uncovered
Michael She wrote:
It's bad for business : )
Maybe
Hi, all,
sql, query.
Greetings.
I got the following information. Does any one of you know whether it will
impact my MySQL db server or not: Version 3.23.53 with InnoDB on Mac OS
Darwin Kernel Version 6.2. If it does, what's the solution?
Thank you,
Jannie Qu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Tue, 17 Dec 2002, Jannie Qu wrote:
I got the following information. Does any one of you know whether it
will impact my MySQL db server or not: Version 3.23.53 with InnoDB on
Mac OS Darwin Kernel Version 6.2. If it does, what's the
A good question posted to another list..
forwarded message follows
Several vulnerabilities have been found in the MySQL database system, a
light database package commonly used in Linux environments but which runs
also on Microsoft platforms, HP-Unix, Mac OS and more.
, my problem is that I am paranoid about hackers who are able to break
in through apache and assume the user apache. Who can then issue
mysql selects and inserts on the cookies table.
Does anyone have pointers to mysql security docs and such where I can do
what I want without these concerns?
Thanks
Hello
I have a question for all you MySQL people out there
We are a group of people planning to make a small open source
ERP/accounting/finance program. We have earlier used MySQL to great
satisfaction in other areas and would like to use it here. My question is:
Do you think MySQL is secure
at an
offsite location, UPS power supply protection, transactions, and LOTS of
testing before going live are the best things you can do.
Regards,
Daniel Lamb
- Original Message -
From: Mathias Bertelsen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 8:51 AM
Subject: MySQL
On Tue, Jul 16, 2002 at 02:51:59PM +0200, Mathias Bertelsen wrote:
Hello
Do you think MySQL is secure enough to keep peoples bookkeeping in?
is it safe enough to use without risk of losing important data? Is
it necessary to do anything to make it secure? (eg. use of
Hi,
I'm working on security breaches in MySQL. Can someone guide me
in this. To be precise can you tell me about some literature,
some book which is easy to understand and also profound ! If
anyone is working on that, I'll be more than happy to interact.
Thanking you.
Paras.
Are MySQL really going to give you details of their past security
'issues'?
Think about it. Try going underground and looking on some exploit
sites.
DA
Hi,
I'm working on security breaches in MySQL. Can someone guide me in this.
To be precise can you tell me about some literature, some book
On Tue, 16 Apr 2002, David Ayliffe wrote:
Are MySQL really going to give you details of their past security
'issues'?
Think about it. Try going underground and looking on some exploit
sites.
DA
Hi,
I'm working on security breaches in MySQL. Can someone guide me in this.
To be
Hi all,
I have set up mySQL database server on my web server running on RH Linux7.2.
There are 2 user accounts, root and dummy who can access to databases. I'm
wondering how to restrict the accesss to mysql (the db which stores user id,
password, etc...). Right now, both users can run select,
for yourself and give it
full permissions, then use it to administer teh database.
Gerald Jensen
- Original Message -
From: - - [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 07, 2002 9:13 PM
Subject: mySQL security
Hi all,
I have set up mySQL database server on my web server
Hi!
On Oct 28, Kevin Maynard wrote:
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using this dB.
I have created the
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using this dB.
I have created the sign-in page where each user has types in their
October 2001 11:52 a.m.
To: [EMAIL PROTECTED]
Subject: MySQL Security w/ PHP
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using
Hi!
On Oct 28, Kevin Maynard wrote:
I have been building an extensive dB with MySQL for a large Insurance
Company and am nearing the completion stage. I have build several PHP
forms to show the preliminary pages to the various groups who will be
using this dB.
I have created the
Hello
Is it possible to authenticate a user running mysql client by comparing
the unix username($LOGNAME) with the user table in mysql.It seems more
secure than specifying the authenticaton parameters in a configuation
file or along with the client.
Thanks
Sachin
Hello my friend,
shure its possible!
additional you can insert into the user table of mysql the encryptet
Password-Hash of your local
etc.shadow-Phile to verify the correct Password and authenticate the the
user.
Hope it helps
Christian
sachin shetty wrote:
Hello
Is it possible to
-- Forwarded message --
Date: Thu, 26 Jul 2001 13:15:06 -0400 (EDT)
From: sachin shetty [EMAIL PROTECTED]
To: Christian Grimm [EMAIL PROTECTED]
Subject: Re: Mysql Security
Thanks Christian
But when a user connects to the server isnt it mandatory to specify the
password
The fact that he has logged on should not require him to specify
password again.
This fact means: when a user is logged in, he is allowed to use the
mysql-server:
use this one:( every logged -on -user on localhost has all rights to
every base and table without pw)
GRANT USAGE ON *.*
TO
I installed MySQL on Windows NT.
Currently, I login in using annoyomous user.
I can't seem to login in as root user.
The syntax is : mysql -u root -p xxx
It's seems funny as I can see the root password in the MySQL database -- user table.
Any help ?
Nyon
PROTECTED]
Subject: Re: MySQL Security
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
Its is easy to know user and password of MYSQL. How do you t
Make sure that the files are not world readable.
On Tue, 3 Apr 2001, Taing Nguon wrote:
Date: Tue, 3 Apr 2001 09:52:30 +0700
From: Taing Nguon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: MySQL Security
Dear sir or madam
MySQL user's account is not related to user's account
I would think that if the user does not have grant options set on the
particular DB in the mysql.db table, then he would not be able to access
it
using DBI, even if he is a local user.
I have already tried to do it by myself. and I found that although any user
has no MYSQL user's account,
Million of thanks
Regards
Taing Nguon
On Tue, 3 Apr 2001, Taing Nguon wrote:
Date: Tue, 3 Apr 2001 09:52:30 +0700
From: Taing Nguon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: MySQL Security
Dear sir or madam
MySQL user's account is not related to user's account
"Taing Nguon" [EMAIL PROTECTED] wrote:
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
No entirely true. The reason the files are set to
Taing Nguon wrote:
Make sure that the files are not world readable.
In Linux system, In order to run CGI in PERL script, that perl script
must be 755. It is read by any users and Perl is written in text format, so
Its is easy to know user and password of MYSQL. How do you think about
Dear sir or madam
MySQL user's account is not related to user's account on Linux System, so they can
be different.
My problem is that I use perl DBI to interact MySQL server as belows:
--
use DBI;
$dbh = DBI-connect("DBI:mysql:DatabaseName","$user","$password");
---
So $user and
Taing Nguon wrote:
Dear sir or madam
MySQL user's account is not related to user's account on Linux System, so they
can be different.
My problem is that I use perl DBI to interact MySQL server as belows:
--
use DBI;
$dbh =
Sergei Golubchik a crit :
Hi!
On Jan 12, Joo Gouveia wrote:
Hi,
I believe i've found a problem in MySql. Here are some test's i've made in
3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
debug it, just tested to see if crashes ).
Confirmed up to latest
Hi!
On Jan 15, Nicolas GREGOIRE wrote:
Sergei Golubchik a Ucrit :
Hi!
On Jan 12, JoUo Gouveia wrote:
Hi,
I believe i've found a problem in MySql. Here are some test's i've made in
3.22.27 x86( also tested on v3.22.32 - latest stable, although i didn't
debug it, just
55 matches
Mail list logo