Professional Web Applications Themes

best way to protect database logins - MySQL

Removed by Administrator...

  1. Moderated Post

    Default best way to protect database logins

    Removed by Administrator
    Fly Guest
    Moderated Post

  2. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Gordon Guest
    Moderated Post

  3. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Jon Guest
    Moderated Post

  4. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Jerry Guest
    Moderated Post

  5. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Jon Guest
    Moderated Post

  6. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Captain Guest
    Moderated Post

  7. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Jon Guest
    Moderated Post

  8. #8

    Default Re: best way to protect database logins

    >>> > You're missing the point here. He isn't talking about one of his 
    >>
    >> Jon, did you actually bother to read Jerry's post?
    >>
    >> How can the OP check for the existance of the hash in the DB (table
    >> might be a better word) if he hasn't logged into MySQL yet?
    >> How can he log into MySQL if he doesn't have a userid and password for
    >> it?
    >> MySQL will NOT accept the hash of a userid and password as login
    >> credentials to MySQL, it wants the MySQL userid and password.
    >>[/ref]
    >
    >Um, so your saying that he will allow remote users to access the DB
    >directly? Thats nonsense. If he is using a web interface to the DB then do
    >you think that the DB cannot viewed by the administrators? No matter where
    >he hides files or whatever he does with permissions they can get it. Theres
    >no way to secure anything from the admin. So whats your point?[/ref]

    You still want a way to secure the MySQL passwords from users with
    browsers.
     

    It hasn't been established that this site will even *HAVE* individual
    user logins. Many search engines don't. However, search engines
    are likely to use databases and they don't want random users altering
    the data.
     
    >
    >And you might want to follow the quote:
    >
    >"Arrogance diminishes wisdom."
    >
    >or even
    >
    >"The truest characters of ignorance are vanity, and pride and arrogance."[/ref]
    Gordon Guest

  9. Moderated Post

    Default Re: best way to protect database logins

    Removed by Administrator
    Captain Guest
    Moderated Post

  10. #10

    Default Re: best way to protect database logins


    "Gordon Burditt" <burditt.org> wrote in message
    news:supernews.com... 
    >>
    >>Um, so your saying that he will allow remote users to access the DB
    >>directly? Thats nonsense. If he is using a web interface to the DB then do
    >>you think that the DB cannot viewed by the administrators? No matter
    >>where
    >>he hides files or whatever he does with permissions they can get it.
    >>Theres
    >>no way to secure anything from the admin. So whats your point?[/ref]
    >
    > You still want a way to secure the MySQL passwords from users with
    > browsers.
    >[/ref]

    Sure. I understand that. But thats by default? Every web hosting server I
    have known didn't give permissions to the whole site by default. (and at the
    very least you could move it to a non public_html dir and it would be secure
    from remote users.
     
    >
    > It hasn't been established that this site will even *HAVE* individual
    > user logins. Many search engines don't. However, search engines
    > are likely to use databases and they don't want random users altering
    > the data.
    >[/ref]

    Yes, I original misread what he wanted. I thought he just wanted a way to
    secure remote user passwords. This can still be done using SQL by having an
    extra layer of security using the idea I presented but you will have to have
    atleast one account that can query the user database. It doesn't matter if
    its secure or not. Except now you will have to store the passwords to be
    used to log into the DB but you can have a level of indirection that will
    prevent most people from getting ahold of the passwords. (ofcourse if you
    let remote clients go snooping into your web files then your bound to have
    some security issues.)



    Jon Guest

  11. #11

    Default Re: best way to protect database logins

    >> 
    >
    > Gordon had already discussed the question of from whom the stuff was
    > to be "protected" in the second post in this thread.
    > The OP quite plainly explained and demonstrated with sample code, that
    > the uid/pw to which he was referring was the MySQL one.
    > However "right" your idea is/was, it has nothing to do with the OPs
    > question, a point that you seem intent on ignoring.
    >[/ref]

    No, I was wrong. I mis read what the original poster was asking. What I'm
    ignoring is you. You seem to have some issues with ego. You could have
    pointed out my mistake but instead you insult me. One day that kinda
    attitude will catch up with you... but for now you're on my ignore list.


    Jon Guest

  12. #12

    Default Re: best way to protect database logins

    Jon Slaughter wrote: 
    >> Gordon had already discussed the question of from whom the stuff was
    >> to be "protected" in the second post in this thread.
    >> The OP quite plainly explained and demonstrated with sample code, that
    >> the uid/pw to which he was referring was the MySQL one.
    >> However "right" your idea is/was, it has nothing to do with the OPs
    >> question, a point that you seem intent on ignoring.
    >>[/ref]
    >
    > No, I was wrong. I mis read what the original poster was asking. What I'm
    > ignoring is you. You seem to have some issues with ego. You could have
    > pointed out my mistake but instead you insult me. One day that kinda
    > attitude will catch up with you... but for now you're on my ignore list.
    >
    >[/ref]

    I don't find Captain Paralytic to have any ego problems.

    But I do find you have a problem with reading comprehension. You
    obviously did not read what I - or anyone else earlier in this thread -
    said before showing your ignorance. Or, if you read it, you didn't
    understand it - a problem no other person in this thread had.

    And now you try to tell CP HE's got a problem? That takes SOME EGO.
    Either that, or the inability to accept you ed up, and the need to
    blame someone else for your up - or at least share the blame
    instead of just accepting it yourself.

    <plonk>

    --
    ==================
    Remove the "x" from my email address
    Jerry Stuckle
    JDS Computer Training Corp.
    net
    ==================
    Jerry Guest

  13. #13

    Default Re: best way to protect database logins

    On 21 Feb, 11:29, "Jon Slaughter" <com> wrote: [/ref]
    > [/ref]
    > [/ref]

    >
    > No, I was wrong. I mis read what the original poster was asking. What I'm
    > ignoring is you. You seem to have some issues with ego. You could have
    > pointed out my mistake but instead you insult me. One day that kinda
    > attitude will catch up with you... but for now you're on my ignore list.[/ref]

    So you didn't read what the OP wrote.
    You didn't read what Gordon wrote.
    You didnt'read what Jerry wrote.
    And you're ignoring me.

    And I'm the one with the big ego?
    Hmmmmmm.

    Captain Guest

  14. #14

    Default Re: best way to protect database logins

    Gordon Burditt ha scritto: 
    >
    > First, figure out *WHAT* attacker.
    >
    > The sysadmins of your (hosting company) server? Forget it. Change hosting
    > companies if you don't trust them.
    >
    > Another customer on your shared server? Very difficult problem. The
    > web server and PHP probably run with the same UID for his pages AND yours.[/ref]

    Hi Gordon,
    excuse me for my bad english, I'm italian.
    With 'attacker' I mean 'Someone with a browser'.
    I've read your and other users explanations, now is a bit more clear for
    me what to do.

    Just a last question, a little OT, about the chmod settings of my
    website directory, what are the optimal settings? I've read about 750
    for folders and 644 for files. What do you think?

    Thanks and regards

    Max
    Fly Guest

Similar Threads

  1. Secure logins & sql database structure
    By Arnicia513 in forum Brainstorming Area
    Replies: 0
    Last Post: July 23rd, 10:36 AM
  2. Tracking Logins
    By Terry Murray in forum ASP Database
    Replies: 2
    Last Post: August 27th, 10:40 PM
  3. Password Protect Database to Compress
    By Robert Boisvert in forum Microsoft Access
    Replies: 0
    Last Post: August 3rd, 11:41 PM
  4. Miltiple Logins
    By Bill Schmid in forum Windows Setup, Administration & Security
    Replies: 1
    Last Post: June 30th, 05:31 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139