Re: [kDev] MySQL security...

On Tue, 2 Jul 2002, Daniel Harris wrote:
> Anybody care to see if you can get into the database from the outside world
> using user/pass from source code. Please don't trash anything tho'. If it's
> not safe what do I need to do?

[jon@jon jon]$ mysql -h www.kendra.org.uk -u "kendra" -p
Enter password: 
ERROR 1130: Host 'jon.demon.co.uk' is not allowed to connect to this MySQL server

Well, looks like you're safe from the most obvious connect attempt anyway.

Since you are only connecting to localhost you could stop mysql accepting
TCP/IP connections at all using the mysqld --skip-networking option (or at
least you can with my old 3.22.22 version).  You then specify the unix
socket name in the php mysql_pconnect() (I forget the exact syntax but it
can be done).  You can figure out what this file is called by doing:

[root@jon jon]# netstat -l -p|grep mysql
tcp        0      0 *:3306                  *:*                     LISTEN      726/mysqld
unix  0      [ ACC ]     STREAM     LISTENING     1067   726/mysqld          /tmp/mysql.sock

In this case the file is /tmp/mysql.sock.  (You can also see my mysql
listening on TCP/IP port 3306)

cheers,
Jon

======================= Jon Chambers =========================
 jon@xxxxxxxxxxxxxxx http://www.jon.demon.co.uk 020 8567 1846
==============================================================
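
Added example (not part of the message above): a shell check that reads `netstat -l -p` style output and reports whether mysqld still has a TCP listener after --skip-networking is applied, and which unix socket path to give the client. The function names are hypothetical and the sample lines are constructed in the format shown in the message.

```shell
#!/bin/sh
# Added example: audit how mysqld is reachable, from `netstat -l -p` output on stdin.
# Function names are hypothetical; the sample data below is constructed.

# Print one line per mysqld listener: "tcp <local-address>" or "unix <socket-path>".
mysql_listeners() {
    awk '
        $1 ~ /^tcp/  && $NF ~ /\/mysqld$/     { print "tcp "  $4  }
        $1 == "unix" && $(NF-1) ~ /\/mysqld$/ { print "unix " $NF }
    '
}

# Succeed (exit 0) only if mysqld has no TCP listener at all.
mysql_tcp_disabled() {
    ! mysql_listeners | grep -q '^tcp '
}

# Print the first unix socket path mysqld is listening on.
mysql_socket_path() {
    mysql_listeners | awk '$1 == "unix" { print $2; exit }'
}

# Constructed sample: default start-up, TCP port 3306 open plus the unix socket.
SAMPLE_BEFORE='tcp        0      0 *:3306        *:*        LISTEN      726/mysqld
tcp        0      0 *:22          *:*        LISTEN      501/sshd
unix  0      [ ACC ]     STREAM     LISTENING     1067   726/mysqld   /tmp/mysql.sock'

# Constructed sample: same host after mysqld is started with --skip-networking.
SAMPLE_AFTER='tcp        0      0 *:22          *:*        LISTEN      501/sshd
unix  0      [ ACC ]     STREAM     LISTENING     1067   726/mysqld   /tmp/mysql.sock'

report() {
    if printf '%s\n' "$1" | mysql_tcp_disabled; then
        echo "OK: no TCP listener; socket is $(printf '%s\n' "$1" | mysql_socket_path)"
    else
        echo "WARN: mysqld listening on TCP: $(printf '%s\n' "$1" | mysql_listeners | awk '$1 == "tcp" { print $2 }')"
    fi
}

report "$SAMPLE_BEFORE"
report "$SAMPLE_AFTER"
```

On a live host, feed it real output instead of the samples: netstat -l -p | mysql_listeners (run as root so the PID/program column is filled in).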