Posted by mistral on 10/31/06 12:20

"Gordon Burditt wrote:
"
> >Bad designed, bad documented. Plenty logic errors..
> > And what most worse thing, developers *do not know* how to correct an
> >issue.

> >>"Not at all if you have MySQL security set up properly and use the
> >> correct userid and password."

> >Have you tried do this at shared virtual hosting, where you have no
> >*any* access to all this "config" files?

> Then when you lease space on a database server, the admin of that
> company is supposed to set up your access. If you don't have access
> to what you are paying for, complain. Often hosting companies insist
> that you access the database from the web server that also comes with
> the service, and nowhere else. If this is the case, they need to
> explain how to access the database, and perhaps fix their setup.

> It may well be that the hosting company insists that you access the
> database only from the web server in the account, that's policy,
> and there's not a thing you can do about it besides change hosts.

> >Why user need to have headashe
> >about this senseless configuration settings? You will get headASHE and
> >can spend a weeks or even and month to solve this stupis security
> >issue.

> Call tech support for your hosting company.

> >Why MySQL need have more security than FTP programs?( that works
> >just fine) Any ftp works wl

> Security on FTP does *NOT* "work just fine". Some versions of
> FTP don't even have the ability to set up a "read only" account.

> Databases tend to have more sensitive information in them than
> files: passwords, credit card numbers, financial data, private
> medical information, etc. And it just doesn't make sense to have
> a databbase with direct read/write access open to the world.

> >Plenty users can no access it own MySQL database installed even on it
> >own computer. Stupid system generate errors #1045 - Access denied. So
> >called 'securiy settings issue' is just paranoidal. Why not set access
> >to phpmyadmin/mySQL from ANY IPs by default?

> Windows seems to come set with wide open access for everyone and
> the result is armies of zombies being used to attack other systems.
> It's not paranoia if they really are out to get you. And there are
> systems out there port-scanning for MySQL servers.

> You (the server admin) can set up a username/password to access
> from any IP if you want to. The default, a very correct one IMHO,
> is *NO* access over the net. Does having a default username/password
> make any sense to you in this situation? I hope not. You (or the
> admin of the server) need to set up access individually.

> >Have you real ideas how to repair this 'error #1045 - Access denied for
> >user' remotely on virtual host? I doubt that you have any idea.
>
> The idea behind security is that you are not able to "fix" lack of
> access from the outside. You have to be given access by the
> administrators of that system. Call the tech support of your hosting
> company.

> If it's your own server, you need to use the GRANT command (probably run
> from the server machine itself) to grant the access required to something
> on another machine. You may decide whether or not to lock down the
> access by IP address or not.

> In order to use a MySQL connection (as a client), you need 4 pieces
> of data: the username, password (might be "none", but this is NOT
> a good idea), server hostname (might be "localhost"), and database
> name. You also have to try to make the connection from a host
> that's allowed to connect. This isn't much more complicated than
> non-anonymous FTP, where you need a username, password, hostname,
> and directory name. If you're having trouble plugging that info
> into whatever client you are using (command-line client, PHP,
> whatever) you need to read the documentation. If you don't *KNOW*
> what this information is, you need to contact the server administrator
> (or your host's tech support).

---------------------------

> It may well be that the hosting company insists that you access the
> database only from the web server in the account, that's policy,
> and there's not a thing you can do about it besides change hosts.

Its virtual shared hosting(free) "with MySQL" No any support at all. No
admins, all is "as is".
So, phpmyadmin-mySQL may work or may not work. If work -OK, if not -
you can no change anything. The only way try run php script that will
try eliminate/rewrite all restrictions and reconfigure all appropriate
files.

m.

[Back to original message]