How To Secure Access To MySQL Database
Jan 28, 2008
What can I do to secure access to my MySQL database to stop it from getting compromised by hackers?
Is there any way I can restrict access to the MySQL database to my IP only?
The database is for an IPB 2.3.4 forum and the username/password are stored in a conf_global.php file that is CHMODed 0444.
Mar 7, 2007
A customer would like to move his hosting from another host to me. But the other host does not want to cooperate and give me access to the panel or files. Through the customer I did get the FTP information, and within the config file I have the database username and password.
How is it possible to copy the database, without having the hosting panel access?
Feb 7, 2008
I'm building an ASP.NET 2.0 web app on a shared hosting plan. It looks like I have two good places to store my database. One is the App_Data folder that my .NET training tells me is the place to store databases. However, like many shared hosting plans, I have a directory above the publicly accessible webroot folder which serves as my application root. Right next to my webroot folder is a databases folder which my web host apparently sets up as a default location for databases. So which is more secure? My App_Data folder? Or a "sibling" folder to my webroot?
If it matters, I have an Access .mdb, which I may upgrade to a SQL server .mdf.
Apr 22, 2009
Do you guys have any idea what is the best way to enable SFTP for a cPanel account?
I could give it Shell access, but isn't it possible without it?
Aug 23, 2007
1. How can I secure and restrict SSH access?
Jul 6, 2009
I'm thinking about creating a limited platform for my employees to access my hosting servers.
I wish they could create certain types of directories for users, set permissions on some directories, list users' accounts, etc.
But although I don't think they would want to abuse this kind of access, I not only like the Trust-No-One premise, but I also find it not very unlikely that the computer they're using gets compromised or something like that.
So I'd like to get technical ideas on how to develop this system and to know if anyone is interested and would like to contribute to the code.
What I've considered so far is that I should either create a special user for that, which would be in all users' groups, or give it "root" access... The latter seems more reasonable to me considering the implementation and compatibility between systems and control panels.
But with "root" access I mean "running MY INTERFACE to the employee as root"... This interface would have limited options like "create directory for user X", "list content of user X", etc. (taking a lot of care on input validation)... and would enforce some limits to prevent abuse (for example, can't list the content of more than 10 users per hour, or something like that... and alert me).
My main doubt is how you think that should be implemented: as a special server or as a webservice? With a webservice I have the advantage of being capable of using SSL in a simple way and I don't need a special client (since any browser is a client).
Then that could be PHP or Perl... but running as UID 0 (I don't even know if Apache allows that, or if there's a workaround like SUID).
Aug 27, 2008
I have recently picked up a CentOS5 server running on an OpenVZ box. Going through various guides, I have seen repeatedly the importance of securing the /tmp partition. However, I am running into trouble when I try to follow the usual commands [1][2].
For example:
# mount -o nosuid,noexec /media/tmpFS /tmp
mount: /media/tmpFS is not a block device (maybe try `-o loop'?)
If I check for the presence of loop, it is missing:
# ls -ltr /dev/loop*
ls: /dev/loop*: No such file or directory
If I try and create loop using /sbin/makedev loop and re-execute the mount command, I get a new error:
mount: no permission to look at loop
The nearest I have found so far is this thread [3], which suggests using
mount -t tmpfs tmpfs /tmp
I believe the above will not persist across a reboot, so that defeats the purpose.
Can you advise on how to mount /tmp in noexec,nosuid mode within the VPS environment?
Mar 24, 2007
I have Windows servers that I'll be co-locating very soon. I have purchased a Dell 2161ds-2 and an APC remote boot power strip. Could someone please tell me the best way to secure remote access to these products? Do I put them on public IPs and allow them through the firewall, or do I put them behind the firewall and access them after I authenticate through the firewall?
Jul 29, 2008
Is there a method of running a backup script, as root, using MySQL, without passing or storing the root password in the clear?
I have tried OpenSSH with a nologin option using certificates, but I still have problems. I need to run it as a cron job every so often (without specifics), securely.
I understand I can use another user, other than root, with read-only, but I need to back up the whole DB at once, not specific users' DBs.
Apr 3, 2009
We want to serve web pages and I think we're getting very close to picking a partner for that. But we also want to have a secure, HA MySQL instance to vend serial numbers to purchased products. This means two more servers at separate data centers behind a load balancer. HA web servers are pretty expensive; is there a MySQL-only solution that would be cheaper? (Connectria?) The load would be very light....
Mar 23, 2007
I want to develop a desktop-based application for content management for a customer. The problem is that every host I have found has a firewall that blocks any server except the web server from accessing the database.
On a programmatic level does anyone know of a way around this or, even better, a GOOD host that will allow me to do this?
What are the real risks involved with direct database access? I'm looking for relatively cheap shared hosting and likely cannot afford dedicated hosting.