How To Secure Access To MySQL Database

Jan 28, 2008

What can I do to secure access to my MySQL database to stop it from getting compromised from hackers?

Is there any way I can restrict access to the MySQL database to my IP only?

The database is for an IPB 2.3.4 forum and the username/password are stored in a conf_global.php file that is CHMODed 0444.

View 5 Replies


ADVERTISEMENT

Copying (MySQL) Database Without Panel Access.

Mar 7, 2007

A customer would like to move his hosting from another host to me. But the other host does not want to cooperate and give me access to the panel or files. Threw the customer I did get the ftp information, and within the config file I have the database username and password.

How is it possible to copy the database, without having the hosting panel access?

View 8 Replies View Related

Where Is A Database Most Secure

Feb 7, 2008

I'm building an ASP.NET 2.0 web app on a shared hosting plan. It looks like I have two good places to store my database. One is the App_Data folder that my .NET training tells me is the place to store databases. However, like many shared hosting plans I have a directory above the publicly accessible webroot folder with serves as my application root. Right next to my webroot folder is a databases folder which my web host apparently sets up as a default location for databases. So which is more secure? My App_Data folder? Or a "sibling" folder to my webroot?

If it matters, I have an Access .mdb, which I may upgrade to a SQL server .mdf.

View 2 Replies View Related

Secure FTP Without Shell Access?

Apr 22, 2009

Do you guys have any idea what is the best way to enable SFTP for a cPanel account?

I could give it Shell access, but isn't it possible without it?

View 3 Replies View Related

Secure And Restrict SSH Access

Aug 23, 2007

1.Who can I secure and restrict SSH access?

View 3 Replies View Related

Secure Employees SSH Access To Server

Jul 6, 2009

I'm thinking about creating a limited platform for my employees to access my hosting servers

I wish they can create certain types of directories for users, set permissions on some directories, list users accounts, etc.

but although I don't think they would want to abuse this kind of access, I not only like the Trust-No-One premisse, but I also find it not very unlikely that the computer they're using get compromised or something like that

so I'd like to get technical ideas on how to develop this system and to know if anyone is interested and would like to contribute to the code

what I've considered so far is that I should either create a special user for that which would be on all users group, or should give it "root" access... the latter seems more reasonable for me considering the implementation and compatibility between systems and control panels

but with "root" access I mean "running MY INTERFACE to the employee as root"... this interface would have limited options like "create directory for user X", "list content of user X", etc. (taking a lot of care on input validation)... and would enforce some limits to prevent abuse (for example, can't list the content of more than 10 users per hour, or something like that... and alert me)

my main doubt is how you think that should be implemented? as a special server or as a webservice? with webservice I have the advantage of being capable of using SSL in a simple way and I don't need a special client (since any browser is a client)
then that could be PHP or Perl... but running as UID 0 (I don't even know if apache allows that, or if there's a workaround like SUID)

View 6 Replies View Related

How To Secure /tmp,/dev/shm Without Access To OpenVZ Hardware Node?

Aug 27, 2008

I have recently picked up a CentOS5 server running on an OpenVZ box. Going thru various guides, I have seen repeatedly the importance of securing the /tmp partition. However, I am running into trouble when I try to follow the usual commands [1][2]

For example:

# mount -o nosuid,noexec /media/tmpFS /tmp
mount: /media/tmpFS is not a block device (maybe try `-o loop'?)
If I check for the presence of loop, it is missing:

# ls -ltr /dev/loop*
ls: /dev/loop*: No such file or directory

If I try and create loop using /sbin/makedev loop and re-execute the mount command, I get a new error

mount: no permission to look at loop
The nearest I have found so far is this thread [3], which suggests using

mount -t tmpfs tmpfs /tmp
I believe the above will not persist across a reboot, so that defeat's the purpose.

Can you advise on how to mount /tmp in noexec,nosuid mode within the VPS environment?

View 0 Replies View Related

How Do I Secure Remote Access To Remote Access Products

Mar 24, 2007

I have windows servers that I'll be co-locating very soon. I have purchased a Dell 2161ds-2 and an APC remote boot power strip. Could someone please tell me the best way to secure remote access to these products. Do I put them on public IP's and allow them through the firewall or do I put them behind the firewall and access them after I authenticate through the firewall.

View 6 Replies View Related

Secure MySQL Backup Script

Jul 29, 2008

Is there a method of running a back-up script,as root, using MySQL, without passing or storing the root password in the clear?

I have tried OpenSSH with a nologin option using certificates, but I still have problems. I need to run it as a cron job every so often, (without specifics) securely.

I understand I can use another user, other than root, with read-only, but I need to back up the whole db at once, not specific users db's.

View 2 Replies View Related

Narrowing Down The Options-what To Do For Secure, Managed MySQL

Apr 3, 2009

We want to serve web pages and I think we're getting very close to picking a partner for that. But we also want to have a secure, HA mySQL instance to vend serial numbers to purchased products. This means two more servers at separate data centers behind a load balancer. HA web servers are pretty expensive, is there a mySQL only solution that would be cheaper?(Connectria?) The load would be very light....

View 3 Replies View Related

Open Database Access

Mar 23, 2007

I want to develop a desktop-based application for content management for a customer. The problem is that every host I have found has a firewall that blocks any server except the web server from accessing the database.

On a programmatic level does anyone know of a way around this or, even better, a GOOD host that will allow me to do this?

What are the real risks involved with direct database access? I'm looking for relatively cheap shared hosting and likely cannot afford dedicated hosting.

View 9 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved