Highest Voted 'mysql' Questions - IT Security Stack Exchange

9

votes

3 answers

Beneficial to rename MySQL root user?

Title sums it up. I'm setting up a dedicated server as opposed to using shared hosting, and am wondering if it's more secure to change the MySQL root username. I've gone for a long and complex password, and I've done my best to secure the server…

mysql

asked Sep 02 '11 at 19:35

Biggles

93
1
3

5

votes

3 answers

Drupal Security & Two DBs

I use drupal for our site. It uses nodes that store data. We link lots of these nodes together to allow us to log jobs, customer info, invoices etc. These are linked via an addon drupal module. If I were to delete the links the entire site would be…

mysql

asked Aug 14 '12 at 21:42

Paul

527
4
8

5

votes

1 answer

How much extra security do the Host part of a mysql user account provide?

MySQL users have a username and a Host associated with them, so usually you'd identify the user by 'user'@'host'. The host part is there to assure only clients which connect from that specific host are allowed, even if they happen to have the…

mysql

asked Nov 08 '15 at 12:24

Lars Nyström

153
3

3

votes

4 answers

PHPMyAdmin vs Remote client restricted by IP address

I'm looking for a secure way to access a MySQL database. I'm currently using PHPMyAdmin but wondering if it would be better to use a desktop client and restrict access to only the IP addresses I know I will be accessing from. Does anyone have any…

mysql

asked Aug 07 '13 at 07:45

williamsdb

143
1
5

3

votes

2 answers

securing unpatched websites

I have a client with a lot (read several thousand) websites in several old cms solutions that are no longer maintained. Now moving all of them to a maintained solution isn't really an option at this point. So I'm thinking about ways to secure the…

mysql

asked Aug 29 '12 at 09:00

neuron

131
1

2

votes

2 answers

Is giving out login information to a read-only mysql database to the public a security threat?

I was looking to give out login information to a read-only mysql database (via phpmyadmin) to the public (the users of my program) to use for reference purposes on a production environment. Would I be risking anything on my side by doing so…

mysql

asked Apr 02 '14 at 04:58

aman207

123
5

2

votes

1 answer

How to operate PHPmyadmin with an SSH tunnel?

My server environment is quite basic: Ubuntu 16.04, MySQL 5.7.16, PHP 7 and CSF-LFD. I also blocked port 3306 via scf.conf. I have a script that installs PHPmyadmin (PMA) and deletes it after 2 hours. To secure PMA even more I was advised to operate…

mysql

asked Dec 24 '16 at 04:51

user123574

1

vote

1 answer

Should I block users from viewing SQL files?

I've been told it's wise to use .htaccess to block users from viewing .sql files etc. Looking for advice on this. If I block user access, will this affect my admin-side ability to write to sql? If so, can I use .htaccess to provide an exception for…

mysql

asked Aug 14 '15 at 23:34

Claire

145
6

1

vote

4 answers

Check for database tampering

I have a database table that I want to confirm has not been tinkered with. My theory is to create a hash of static items and store that in the table. Then compare these when the data is required, for example.... …

mysql

asked Jan 17 '13 at 07:42

maxum

213
1
5

1

vote

1 answer

Does MySQL Router offer any protection of MySQL-DBs behind it?

I recently stumbled upon MySQL Router. Its documentation defines it's purpose as follows: MySQL Router is part of InnoDB cluster, and is lightweight middleware that provides transparent routing between your application and back-end MySQL…

mysql

asked Aug 19 '19 at 12:52

Euphrasius von der Hummelwiese

1,080
6
20

1

vote

0 answers

MySQL Database Activity Monitoring Solutions

We are looking for a DAM solution for MySQL. There is of course GreenSQL but it seems to lack some of the features we desire like robust filtering of reports for export purposes, etc. It's very basic. Gartner lists off a bunch of Technology…

mysql

asked Oct 12 '12 at 22:45

Jason

591
5
13

1

vote

1 answer

What MySQL information should be kept secret?

I'm writing an open-source program interfacing with a protected MySQL server. I'd like to keep the development environment as close to the production environment as possible. Variables that must be kept secure are passed in via environment…

mysql

asked Apr 15 '19 at 21:01

user276833

13
3

1

vote

1 answer

Security risks of Read-only MySQL Database access behind firewall

Are there any obvious security risks to providing a none IT Staff member read-only Database access (through MySQL Workbench) to a Wordpress Database, if this is behind a firewall/VPN?

mysql

asked Apr 03 '19 at 18:04

userawhdoahoohaodhoawd

11
2

1

vote

1 answer

Is it safe to have a mysql server on a home computer?

I installed a mysql server 5.7 in my home computer but I am afraid if someone scans my ip with nmap then he will simply find open mysql port no. 3306 as windows service and then he can simply bruteforce to gain access if I have a weaker…

mysql

asked Dec 07 '17 at 07:37

daya

177
2
7
20

1

vote

1 answer

In a User Roles table is it better to identify users with an ID or username?

I want to create a user roles SQL table which stores information about users permissions and roles (Such as Admin, Worker, User) I need 2 columns in the table one which identifies which user it is and the other is the level of permission the user…

mysql

asked May 16 '16 at 14:11

mateos

175
1
6

Questions tagged [mysql]