[PHP-DB] Given only one mySQL user account by Host Company
My hosting company gave me one database and one root user account, and I have no access for priviliges at all. So as far as I can tell, the only way for me to connect to the database on my site is to do a mysql_connect(host, user, pass), where the user and pass are the ones for this one super account. Is this a major security concern or what? Is there a way around this, or a way to minimize security problems? I've emailed them about this, and they act like they have no clue what I'm talking about: I'm not trying to hide files or directories, I'm talking about when I use PHP and make a connection to the database using mysql_connect(host, user, pass). This script is what is in my webpages that connects to the DB and retrieves data to print for users. Is there an anonymous account to use for retrieving data, or can I make one? Then the program or script you are using should have means for your users to access permitted areas. And there is no anonymous account, there is only your own account Db Now. Hosting company provide your site with tool for you to use your own programs and it's up to you which programs and how you use them. Our job is to make sure the tool is working. Other than that, we do not provide support for scripts and the programs you are using. If you having problems to use some programs then you need to get in touch with developers and find what need to be done and how. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Random Number generating and adding it to he database..
On Sun, 23 Jan 2005 10:43:03 +0400, Radwan Aladdin [EMAIL PROTECTED] wrote: I wanted to know the best Random Function for PHP.. But please I don't want duplications to happen at the same second.. because I receive many customers.. For that purpose, mt_rand ( [int min, int max]) function is your best friend, I guess. See http://in2.php.net/manual/en/function.mt-rand.php for more details. And also how can I add [EMAIL PROTECTED], whic abc is a variable... and localhost.com is a static text?? So I only request from the user to enter the abc only and it will automatically be : [EMAIL PROTECTED] //Do you mean -- $user = someuser; echo $user; //And you wish to make [EMAIL PROTECTED] ? //Then, $email_address = $user . @localhost.com; echo $email_address; //Will output [EMAIL PROTECTED] The dot (.) is the cocatenation (string-joining) operator. Regards, Samar M. = Warning: Dates in Calendar are closer than they appear. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] What is wrong with this query?
A better idea would be, back to basics, back to learning SQL. Otherwise you'll get PLENTY rows and don't even know why ;) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Auto Responses?
I do support you too, Jerry. People should either somehow exclude 'php-db'/other mailing lists to be auto-replied to or they must keep off their auto-replies with themselves. Yes most mail systems allows you to exclude certain domains from getting a auto response. Or if they own their own server they can do the same. Imagine half the mailing list people setting a auto reply, our mailboxes would be out of control. If one does it and gets away with it more will follow. I classify ANY auto response that has no realy meaning, eg out of office is SPAM! Different if your signing up for a subscription a auto message sends password and all that is a different story. But for this mailing list setting a auto response for the domains lists.php.net should not be allowed. Its quite stupid recieving emails saying I am out of office when we are waiting for more urgent things. Correct, my dog barking in the back yard is more urgent than that sort of message. Hence I don't have a dog, I don't think! Regards, Samar M. J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Auto Responses?
I do support you too, Jerry. People should either somehow exclude 'php-db'/other mailing lists to be auto-replied to or they must keep off their auto-replies with themselves. Its quite stupid recieving emails saying I am out of office when we are waiting for more urgent things. Regards, Samar M. On Sun, 23 Jan 2005 15:56:12 +1100 (EST), JeRRy [EMAIL PROTECTED] wrote: Why do people set auto responses on a mailing list like this? It's crazy, imagine all the auto replies this list would generate. As if I care if a user is not able to reply because they have gone on holidays or something. If they don't reply obviously they are not around or can't answer or don't want to. That's fine, but I don't care if your away but I do care a stupid auto response is setup. It's worse than general spam!!! J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Love, Samar M. = Warning: Dates in Calendar are closer than they appear. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Auto Responses?
What i love even better is when somebody on a mailing list, makes the email hand back a receipt, how many people on this list, 10k+? Ouch thats a lot of replies. Heh. Marcus Joyce JeRRy wrote: I do support you too, Jerry. People should either somehow exclude 'php-db'/other mailing lists to be auto-replied to or they must keep off their auto-replies with themselves. Yes most mail systems allows you to exclude certain domains from getting a auto response. Or if they own their own server they can do the same. Imagine half the mailing list people setting a auto reply, our mailboxes would be out of control. If one does it and gets away with it more will follow. I classify ANY auto response that has no realy meaning, eg out of office is SPAM! Different if your signing up for a subscription a auto message sends password and all that is a different story. But for this mailing list setting a auto response for the domains lists.php.net should not be allowed. Its quite stupid recieving emails saying I am out of office when we are waiting for more urgent things. Correct, my dog barking in the back yard is more urgent than that sort of message. Hence I don't have a dog, I don't think! Regards, Samar M. J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
Simple _complete_ solution: Find a different hosting company that provides a virtual server and root access to everything about your account. Cost should be nominal, but probably not free. Simple _partial_ solution: Use INCLUDEs for the login portions of the script(s) and place them in a protected directory. If you are unable to protect directories (.htaccess) with this host, they are begging for trouble and victimizing their subscribers. Simple _lack of a_ solution: Don't put anything on this site that anyone cares about protecting. If that all sounds obvious, it's supposed to. Doug Shay wrote: My hosting company gave me one database and one root user account, and I have no access for priviliges at all. So as far as I can tell, the only way for me to connect to the database on my site is to do a mysql_connect(host, user, pass), where the user and pass are the ones for this one super account. Is this a major security concern or what? Is there a way around this, or a way to minimize security problems? I've emailed them about this, and they act like they have no clue what I'm talking about: I'm not trying to hide files or directories, I'm talking about when I use PHP and make a connection to the database using mysql_connect(host, user, pass). This script is what is in my webpages that connects to the DB and retrieves data to print for users. Is there an anonymous account to use for retrieving data, or can I make one? Then the program or script you are using should have means for your users to access permitted areas. And there is no anonymous account, there is only your own account Db Now. Hosting company provide your site with tool for you to use your own programs and it's up to you which programs and how you use them. Our job is to make sure the tool is working. Other than that, we do not provide support for scripts and the programs you are using. If you having problems to use some programs then you need to get in touch with developers and find what need to be done and how. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Auto Responses?
On Sunday 23 January 2005 23:40, JeRRy wrote: I do support you too, Jerry. People should either somehow exclude 'php-db'/other mailing lists to be auto-replied to or they must keep off their auto-replies with themselves. Yes most mail systems allows you to exclude certain domains from getting a auto response. Or if they own their own server they can do the same. More specifically, smart autoresponders will not respond to mailing lists, bounces, etc. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Auto Responses?
On Mon, 24 Jan 2005 01:56:03 +0800, Jason Wong [EMAIL PROTECTED] wrote: More specifically, smart autoresponders will not respond to mailing lists, bounces, etc. If they are some kind of extensions or plug-ins to email clients, I guess you could put up some more info on them to enlighten all of us and these out of office and on vacation to Hawai people. :) Regards, Samar M. aka Knight Samar = Warning: Dates in Calendar are closer than they appear. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Is this possible?
Let me explain this a bit better, or try to. ;) Let's say I have some code on MY SERVER. I will call it MYSERVER and an outside server outside my local area OUTSIDESERVER. Now I have PHP on MYSERVER to connect to a database on an OUTSIDESERVER and once establish do a few updates/deletes etc. Now the database names, passwords etc will be stored on MYSERVER which uses input themself to save. Now is this method security safe and possible or are most servers setup to a DB connection can only be made by localhost? J Date: Sun, 23 Jan 2005 15:51:02 +1100 (EST) From: JeRRy [EMAIL PROTECTED] To: php-db@lists.php.net Subject: Is this possible? Hi, Is it security safe and possible to use my server to query another server, outside the local zone, and make updates to another server using a PHP page from my server? I'm just wondering. So in other words I'd have a DB setup to hold users domains, db names, db usernames, db passwords etc on mine and run PHP code query their own on their server. I wanna do this to run a program I am working on and wanna keep the code on my server rather than handing it out to people to freely use. Again the question is, is it security safe and possible. :) J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Given only one mySQL user account by Host Company
What admin tools do you have for the db? PhpMyAdmin? something else? Many of those can be used to create additional user accounts with more limited restricitions. Bastien From: Shay [EMAIL PROTECTED] Reply-To: Shay [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Given only one mySQL user account by Host Company Date: Sun, 23 Jan 2005 03:03:26 -0700 My hosting company gave me one database and one root user account, and I have no access for priviliges at all. So as far as I can tell, the only way for me to connect to the database on my site is to do a mysql_connect(host, user, pass), where the user and pass are the ones for this one super account. Is this a major security concern or what? Is there a way around this, or a way to minimize security problems? I've emailed them about this, and they act like they have no clue what I'm talking about: I'm not trying to hide files or directories, I'm talking about when I use PHP and make a connection to the database using mysql_connect(host, user, pass). This script is what is in my webpages that connects to the DB and retrieves data to print for users. Is there an anonymous account to use for retrieving data, or can I make one? Then the program or script you are using should have means for your users to access permitted areas. And there is no anonymous account, there is only your own account Db Now. Hosting company provide your site with tool for you to use your own programs and it's up to you which programs and how you use them. Our job is to make sure the tool is working. Other than that, we do not provide support for scripts and the programs you are using. If you having problems to use some programs then you need to get in touch with developers and find what need to be done and how. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Re: Is this possible?
Depends on what you mean by security safe. Safe for sensitive data? Nope. Its all sent clear text over the net unless you use ssl encryption. You will need to alter the second remote db to accept a connection/account coming from your primary server. Your host may not allow that, you'll need to check with them. If the user account/passwords are not securely stored on the server...outside the root in protected directory, you may risk a hacker gaining access to both accounts (local and remote). Can it be done safely? Sure. But you may need greater control over the servers than what the host(s) are willing to allow. There may be additional costs (SSL certificates, set-up charges etc) Bastien From: JeRRy [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Re: Is this possible? Date: Mon, 24 Jan 2005 05:20:20 +1100 (EST) Let me explain this a bit better, or try to. ;) Let's say I have some code on MY SERVER. I will call it MYSERVER and an outside server outside my local area OUTSIDESERVER. Now I have PHP on MYSERVER to connect to a database on an OUTSIDESERVER and once establish do a few updates/deletes etc. Now the database names, passwords etc will be stored on MYSERVER which uses input themself to save. Now is this method security safe and possible or are most servers setup to a DB connection can only be made by localhost? J Date: Sun, 23 Jan 2005 15:51:02 +1100 (EST) From: JeRRy [EMAIL PROTECTED] To: php-db@lists.php.net Subject: Is this possible? Hi, Is it security safe and possible to use my server to query another server, outside the local zone, and make updates to another server using a PHP page from my server? I'm just wondering. So in other words I'd have a DB setup to hold users domains, db names, db usernames, db passwords etc on mine and run PHP code query their own on their server. I wanna do this to run a program I am working on and wanna keep the code on my server rather than handing it out to people to freely use. Again the question is, is it security safe and possible. :) J Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
Shay definitely has bad hosting. the guy wants a seperate mysql user with readonly privileges on his DB which is good practice. only ... his hostingco. has given him a single DB and a single user a/c. no doubt they manage their system via a webinterface - when every they add a customer, they check the box marked add MySQL DB to hosting package and click go. I bet that Shay does not have access to the MySQL system tables - like he said, the user a/c he has been given any grant privileges (at least that what I think he meant) Bastien Koert wrote: What admin tools do you have for the db? PhpMyAdmin? something else? Many of those can be used to create additional user accounts with more limited restricitions. Bastien From: Shay [EMAIL PROTECTED] Reply-To: Shay [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Given only one mySQL user account by Host Company Date: Sun, 23 Jan 2005 03:03:26 -0700 My hosting company gave me one database and one root user account, and I have no access for priviliges at all. So as far as I can tell, the only way for me to connect to the database on my site is to do a mysql_connect(host, user, pass), where the user and pass are the ones for this one super account. Is this a major security concern or what? Is there a way around this, or a way to minimize security problems? I've emailed them about this, and they act like they have no clue what I'm talking about: I'm not trying to hide files or directories, I'm talking about when I use PHP and make a connection to the database using mysql_connect(host, user, pass). This script is what is in my webpages that connects to the DB and retrieves data to print for users. Is there an anonymous account to use for retrieving data, or can I make one? Then the program or script you are using should have means for your users to access permitted areas. And there is no anonymous account, there is only your own account Db Now. Hosting company provide your site with tool for you to use your own programs and it's up to you which programs and how you use them. Our job is to make sure the tool is working. Other than that, we do not provide support for scripts and the programs you are using. If you having problems to use some programs then you need to get in touch with developers and find what need to be done and how. boilerplate idiots. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Is this possible?
On Mon, 24 Jan 2005 05:20:20 +1100 (EST), JeRRy [EMAIL PROTECTED] wrote: Let me explain this a bit better, or try to. ;) Let's say I have some code on MY SERVER. I will call it MYSERVER and an outside server outside my local area OUTSIDESERVER. Now I have PHP on MYSERVER to connect to a database on an OUTSIDESERVER and once establish do a few updates/deletes etc. Now the database names, passwords etc will be stored on MYSERVER which uses input themself to save. Now is this method security safe and possible or are most servers setup to a DB connection can only be made by localhost? J Security-safe, I don't know. :) Possible, yes. You can configure from what host a particular user can be allowed to login. That's what _host_ columns in the mysql databases' tables and the _host_ table define. I hope I am getting you right. :) Regards, Samar M. aka Knight Samar = Warning: Dates in Calendar are closer than they appear. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] GROUP BY? Urgent help needed with selection list
if you have kind of geo id number you could use that, failing to have that
info, you could re-arrange the data to have Akron - Central, Akron - SE (so
that all is in a standard format)
Bastien
From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] GROUP BY? Urgent help needed with selection list
Date: Sun, 23 Jan 2005 00:46:18 -0500
Hi there everyone,
Im using the following code to populate cities from a huge database:
select name=fm_city[] id=fm_city[] multiple
option value=0Show All/option
?
$sqla = SELECT DISTINCT(Area) FROM MLS_Listings ORDER BY Area;
$sql_resulta = mysql_query($sqla,$connection)
or die(Couldn't execute query.);
while ($row = mysql_fetch_array($sql_resulta)) {
$Area = $row[Area];
?
option value=?=$Area?
?=$Area?
/option
? }; ?
/select
This works great, no problems BUT the client now needs is so the cities are
grouped, but its not so simple. For example, say you have Akron, Akron
Central etc
. They need them so that ALL Akrons appear together, the
problem is, that also includes some which are SE Akron etc
. So, of course
that appears further down the list under S. How can I group this way? I
am
pretty lost on this.
Any help would REALLY be appreciated.
Chris
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.2 - Release Date: 1/21/2005
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] GROUP BY? Urgent help needed with selection list
Hi there,
The problem is, the database is imported from a huge properties database and
can only be imported in the format from the central database of estate
agents, so I can't reformat it in the tables itself.
Each table has the same fields, but one is for condo's, one is for
residential etc . however, the client need to be able to do a search all
tables query, and bring the results up as though you are only search 1
table. I've never searched multiple tables before without a relative ID,
what I need is to search all of them as though it is just searching 1, so I
don't think multiple queries would work, hence why I'm trying to do it all
in a single query.
Chris
if you have kind of geo id number you could use that, failing to have that
info, you could re-arrange the data to have Akron - Central, Akron - SE (so
that all is in a standard format)
Bastien
From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] GROUP BY? Urgent help needed with selection list
Date: Sun, 23 Jan 2005 00:46:18 -0500
Hi there everyone,
Im using the following code to populate cities from a huge database:
select name=fm_city[] id=fm_city[] multiple
option value=0Show All/option
?
$sqla = SELECT DISTINCT(Area) FROM MLS_Listings ORDER BY Area;
$sql_resulta = mysql_query($sqla,$connection)
or die(Couldn't execute query.);
while ($row = mysql_fetch_array($sql_resulta)) {
$Area = $row[Area];
?
option value=?=$Area?
?=$Area?
/option
? }; ?
/select
This works great, no problems BUT the client now needs is so the cities are
grouped, but its not so simple. For example, say you have Akron, Akron
Central etc . They need them so that ALL Akrons appear together, the
problem is, that also includes some which are SE Akron etc . So, of course
that appears further down the list under S. How can I group this way? I
am
pretty lost on this.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.2 - Release Date: 1/21/2005
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] GROUP BY? Urgent help needed with selection list
Chris Payne wrote: Hi there, The problem is, the database is imported from a huge properties database and can only be imported in the format from the central database of estate agents, so I can't reformat it in the tables itself. Each table has the same fields, but one is for condo's, one is for you need UNION - use of the UNION clause assumes 2 things: 1. all the tables in question do indeed have identical columns 2. the UNION clause is supported by the version of your DB software having said that if you are importing the data and each 'table' is of the same format why not just import each file/table into 1 table in your DB? residential etc . however, the client need to be able to do a search all tables query, and bring the results up as though you are only search 1 table. I've never searched multiple tables before without a relative ID, what I need is to search all of them as though it is just searching 1, so I don't think multiple queries would work, hence why I'm trying to do it all in a single query. Chris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] GROUP BY? Urgent help needed with selection list
Ah, that's ugly. Non-standard data is a bitch to make work. What i would do
then is create a virtual column with a case-when-then construct based on an
instring of area (like akron). Have a look at the mysql manual
(http://dev.mysql.com/doc/mysql/en/case-statement.html) for the syntax.
Is there anything preventing you from palying with the data and manipulating
it on the way into your site? Trying to make the virtual column in to a real
column that could provide the geo reference for future queries.
Bastien
From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: RE: [PHP-DB] GROUP BY? Urgent help needed with selection list
Date: Sun, 23 Jan 2005 14:03:53 -0500
Hi there,
The problem is, the database is imported from a huge properties database
and
can only be imported in the format from the central database of estate
agents, so I can't reformat it in the tables itself.
Each table has the same fields, but one is for condo's, one is for
residential etc . however, the client need to be able to do a search
all
tables query, and bring the results up as though you are only search 1
table. I've never searched multiple tables before without a relative ID,
what I need is to search all of them as though it is just searching 1, so I
don't think multiple queries would work, hence why I'm trying to do it all
in a single query.
Chris
if you have kind of geo id number you could use that, failing to have that
info, you could re-arrange the data to have Akron - Central, Akron - SE (so
that all is in a standard format)
Bastien
From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] GROUP BY? Urgent help needed with selection list
Date: Sun, 23 Jan 2005 00:46:18 -0500
Hi there everyone,
Im using the following code to populate cities from a huge database:
select name=fm_city[] id=fm_city[] multiple
option value=0Show All/option
?
$sqla = SELECT DISTINCT(Area) FROM MLS_Listings ORDER BY Area;
$sql_resulta = mysql_query($sqla,$connection)
or die(Couldn't execute query.);
while ($row = mysql_fetch_array($sql_resulta)) {
$Area = $row[Area];
?
option value=?=$Area?
?=$Area?
/option
? }; ?
/select
This works great, no problems BUT the client now needs is so the cities
are
grouped, but its not so simple. For example, say you have Akron, Akron
Central etc
. They need them so that ALL Akrons appear together, the
problem is, that also includes some which are SE Akron etc
. So, of
course
that appears further down the list under S. How can I group this way? I
am
pretty lost on this.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.7.2 - Release Date: 1/21/2005
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
Yes they gave me phpMyAdmin to use, and no, I have no access to the user/privilege table. So the only way to output database entries is to connect with the single super account they gave me. I have a question about what you said Doug: Use INCLUDEs for the login portions of the script(s) and place them in a protected directory. If you are unable to protect directories (.htaccess) with this host, they are begging for trouble and victimizing their subscribers. In other words, call on an external function to connect to the database, and place the file with this function in a directory that is .htaccess protected. Is this correct? I do have a separate file with a database connect function that all the pages on my site use, I just don't have it in a .htaccess protected directory. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
Shay wrote: Yes they gave me phpMyAdmin to use, and no, I have no access to the user/privilege table. So the only way to output database entries is to connect with the single super account they gave me. Principally, this means you cannot allocate user accounts for mysql. No big deal unless you have a business model that calls for that. In which case, refer to my first comment in my original reply. I have a question about what you said Doug: Use INCLUDEs for the login portions of the script(s) and place them in a protected directory. If you are unable to protect directories (.htaccess) with this host, they are begging for trouble and victimizing their subscribers. In other words, call on an external function to connect to the database, and place the file with this function in a directory that is .htaccess protected. Is this correct? I do have a separate file with a database connect function that all the pages on my site use, I just don't have it in a .htaccess protected directory. Exactly right. The objective is to make it more difficult to hack the mysql login info. Doug -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
--- Doug Thompson [EMAIL PROTECTED] wrote: Shay wrote: Yes they gave me phpMyAdmin to use, and no, I have no access to the user/privilege table. So the only way to output database entries is to connect with the single super account they gave me. I find this unusual. I'm on a shared host, and don't have access to the admin MYSQL, but I can set up users for my databases, and grant any and all privelages to the users for those databases. I think it would send up a red flag if only one account was allowed , that being the superuser i.e. all privelages. Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
Another thought on this:
Even though you don't have access via phpmyadmin to get to the users table,
could you try to create users/grant privileges via straight sql thur the PMA
sql window?
ie
grant select, insert, update to 'bob'@'localhost' on mysql.users indentified
by password('my_pass');
bastien
From: Doug Thompson [EMAIL PROTECTED]
To: Shay [EMAIL PROTECTED]
CC: php-db@lists.php.net
Subject: Re: [PHP-DB] Given only one mySQL user account by Host Company
Date: Sun, 23 Jan 2005 15:51:41 -0700
Shay wrote:
Yes they gave me phpMyAdmin to use, and no, I have no access to the
user/privilege table. So the only way to output database entries is to
connect with the single super account they gave me.
Principally, this means you cannot allocate user accounts for mysql. No
big deal unless you have a business model that calls for that. In which
case, refer to my first comment in my original reply.
I have a question about what you said Doug:
Use INCLUDEs for the login portions of the script(s) and place them in a
protected directory. If you are unable to protect directories
(.htaccess) with this host, they are begging for trouble and victimizing
their subscribers.
In other words, call on an external function to connect to the database,
and place the file with this function in a directory that is .htaccess
protected. Is this correct? I do have a separate file with a database
connect function that all the pages on my site use, I just don't have it
in a .htaccess protected directory.
Exactly right. The objective is to make it more difficult to hack the mysql
login info.
Doug
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Given only one mySQL user account by Host Company
Without the ability to update the database mysql, your suggestion doesn't
work.
Just to confirm, here is a quick check to perform locally.
1. Log in as root.
2. Create DB test and user test with all privileges with grant option on only database test.
(grant all privileges on test.* to 'test'@'localhost' identified by 'password' with grant option;)
3. Log out and reconnect with userid 'test'. Note that your top level db is now test.
4. Create a table testtable in db test
5. Attempt to create new user foo with (any) privileges on test.testtable.
You will receive the following error message: Error Code : 1044
Access denied for user: '[EMAIL PROTECTED]' to database 'mysql'
Shay is in the same boat as user test.
Doug
Bastien Koert wrote:
Another thought on this:
Even though you don't have access via phpmyadmin to get to the users
table, could you try to create users/grant privileges via straight sql
thur the PMA sql window?
ie
grant select, insert, update to 'bob'@'localhost' on mysql.users
indentified by password('my_pass');
bastien
From: Doug Thompson [EMAIL PROTECTED]
To: Shay [EMAIL PROTECTED]
CC: php-db@lists.php.net
Subject: Re: [PHP-DB] Given only one mySQL user account by Host Company
Date: Sun, 23 Jan 2005 15:51:41 -0700
Shay wrote:
Yes they gave me phpMyAdmin to use, and no, I have no access to the
user/privilege table. So the only way to output database entries is
to connect with the single super account they gave me.
Principally, this means you cannot allocate user accounts for mysql.
No big deal unless you have a business model that calls for that. In
which case, refer to my first comment in my original reply.
I have a question about what you said Doug:
Use INCLUDEs for the login portions of the script(s) and place them
in a protected directory. If you are unable to protect directories
(.htaccess) with this host, they are begging for trouble and
victimizing their subscribers.
In other words, call on an external function to connect to the
database, and place the file with this function in a directory that
is .htaccess protected. Is this correct? I do have a separate file
with a database connect function that all the pages on my site use, I
just don't have it in a .htaccess protected directory.
Exactly right. The objective is to make it more difficult to hack the
mysql login info.
Doug
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Auto Responses?
On Monday 24 January 2005 02:13, Samar wrote: On Mon, 24 Jan 2005 01:56:03 +0800, Jason Wong [EMAIL PROTECTED] wrote: More specifically, smart autoresponders will not respond to mailing lists, bounces, etc. If they are some kind of extensions or plug-ins to email clients, I guess you could put up some more info on them to enlighten all of us and these out of office and on vacation to Hawai people. :) This is getting way off topic. I don't use any autoresponders on my mail client so I can't give any advice there (but I'm sure google can). I only use autoresponders on my mailserver. These look at the headers of the incoming mail to determine whether an autoresponse is appropriate. The autoresponders will also limit the number of autoresponses so that if eg your friend sends you 100 mails, they will not be told 100 times that you're having a whale of a time in Hawaii, it will only frustrate them and foment envy :). So if your autoresponder doesn't have at least those 2 features, complain loudly, or find a better one (or a better mail client). -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- New Year Resolution: Ignore top posted posts -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
