Results 1 to 4 of 4
  1. #1
    Join Date
    Jun 2005
    Posts
    15

    Unanswered: Protect MySQL database

    Hi, I'm a newbie with Mysql

    I have some experience concerning of MySQl database security.

    I'm working in some project that need mysql database (MySQL 5) to be transferred into a cd for delivery to my friend.

    And found out that, my friend can open the database using a default "root" username with no password. That's make me worry if the CD was receieved by a wrong person then the person can do the same like what my friend did.

    I'v got some answer from MySQL forum that, the root password is applied only to the Mysql server environment and not attached to the database, so if we copy the database into other Mysql server environment it could be easily opened using a default "root" username with no password.

    Is there some way to also protect the database with password,..? (like msaccess, firebirds, Microsoft SQL,.. etc,.)


    Thank you
    nbs

  2. #2
    Join Date
    Feb 2009
    Location
    Surabaya
    Posts
    1
    use grant to limit the user access, when you grant the database for you own define user, the other user can't open the database, and although they can open the database, but they not be able to access the table of your database i've try and it worked. just prove it your self


    thx

  3. #3
    Join Date
    Feb 2008
    Location
    Bandung - Indonesia
    Posts
    15
    Quote Originally Posted by nbs_212
    Hi, I'm a newbie with Mysql

    I have some experience concerning of MySQl database security.

    I'm working in some project that need mysql database (MySQL 5) to be transferred into a cd for delivery to my friend.

    And found out that, my friend can open the database using a default "root" username with no password. That's make me worry if the CD was receieved by a wrong person then the person can do the same like what my friend did.

    I'v got some answer from MySQL forum that, the root password is applied only to the Mysql server environment and not attached to the database, so if we copy the database into other Mysql server environment it could be easily opened using a default "root" username with no password.

    Is there some way to also protect the database with password,..? (like msaccess, firebirds, Microsoft SQL,.. etc,.)


    Thank you
    nbs
    1. You have to reassign a new password for root user, dont leave it blank.
    2. Create a new user with lmited access.
    3. All of your applications must apply the new user role.
    4. Else, you can still use root user access, but supply with a good password.

    First of all, you have to login into your mysql client utility with admin/root user access.

    CREATE USER

    Code:
    GRANT ~YOUR ACCESS HERE~
    ON ~DATABASE AND TABLE~
    TO ~USERNAME@HOSTNAME~
    IDENTIFIED BY ~YOUR PASSWORD~
    The code above is also create the user, not jutst giving some access.

    E.Q:
    Code:
    GRANT SELECT, INSERT, UPDATE, DELETE
    ON YourDatabase.*
    TO 'MyName'@'localhost'
    IDENTIFIED BY 'MyPassword'
    Or maybe you want to change root user passw.
    Code:
    SET PASSWORD FOR 'root'@'localhost' = PASSWORD('YourNewPassword')
    More resources:

    MySQL :: MySQL 5.1 Reference Manual :: 12.5.1.3 GRANT Syntax
    MySQL :: MySQL 5.1 Reference Manual :: 5.5.2 Adding User Accounts to MySQL
    Forum Informatika - Indonesian Informatics Online Community - http://if.web.id

  4. #4
    Join Date
    Jun 2007
    Posts
    197

    Smile

    Quote Originally Posted by galih
    1. You have to reassign a new password for root user, dont leave it blank.
    2. Create a new user with lmited access.
    3. All of your applications must apply the new user role.
    4. Else, you can still use root user access, but supply with a good password.

    First of all, you have to login into your mysql client utility with admin/root user access.

    CREATE USER

    Code:
    GRANT ~YOUR ACCESS HERE~
    ON ~DATABASE AND TABLE~
    TO ~USERNAME@HOSTNAME~
    IDENTIFIED BY ~YOUR PASSWORD~
    The code above is also create the user, not jutst giving some access.

    E.Q:
    Code:
    GRANT SELECT, INSERT, UPDATE, DELETE
    ON YourDatabase.*
    TO 'MyName'@'localhost'
    IDENTIFIED BY 'MyPassword'
    Or maybe you want to change root user passw.
    Code:
    SET PASSWORD FOR 'root'@'localhost' = PASSWORD('YourNewPassword')
    More resources:

    MySQL :: MySQL 5.1 Reference Manual :: 12.5.1.3 GRANT Syntax
    MySQL :: MySQL 5.1 Reference Manual :: 5.5.2 Adding User Accounts to MySQL
    Its not possible to protect MySQL database from for server root user

    server root user can go through .mysql_history file and can find the root password or can change root password through mysqld_safe mode

    so its better to make differnet users for server with limited access right
    only prescribe person to have root access

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •