
MySql

Started by swampy, May 04, 2010, 11:56:07 PM


Swampy

What are you folk using to connect remotely to your mysql database?


Blue Steel

I don't... I just use phpmyadmin. Opening up your database to remote login is a huge security risk.
I've seen several sites taken down by making it open so that they could generate offline forum CDs... and someone else has got in while they were doing it... so I say just "DON'T DO IT" lol

Swampy

Quote from: BlueSteel on May 05, 2010, 01:13:17 AM
I don't... I just use phpmyadmin. Opening up your database to remote login is a huge security risk.
I've seen several sites taken down by making it open so that they could generate offline forum CDs... and someone else has got in while they were doing it... so I say just "DON'T DO IT" lol


I hear you, but when you have some tables larger than phpmyadmin's allowable limits you have to go the remote method.


Blue Steel

I'd suggest getting the sys admin to edit the phpmyadmin cfg file to allow it then ;) I'm sure they have a setting in there that can be edited.

IchBin

There are certainly other scripts you can use that don't require you to open remote access. Bigdump is one that comes to mind.

Swampy

Thanks for the advice! :)

Ardos

I prefer Navicat Lite.

However, I never knew remote connection could be a security risk :o.

IchBin

I could give you an example that I just found the other day while at work. I was viewing a site that I frequent. It's a site written in PHP. They, for some reason, didn't turn error reporting off. When I hit a page, it gave me an error pointing at one of their config files. I thought for fun, I'd see if I could hit their config file directly. It turns out that their server wasn't set up properly, and instead of not parsing the config file, it showed me the file in full text. I now had their database username and password. Next I did an nmap from my Linux machine and found that they had their MySQL port wide open to the world. So guess what? Now I had complete access to read, write, and delete anything from their database. How scary is that? lol I sent the guy an email telling him he needed to fix things up. No response yet...

People need to make sure servers are secure. If you can eliminate anything like closing down ports and services that should not be accessible, then by all means do it! If you actually need to open MySQL for your access, put a firewall rule in to only allow your specific IP.
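
Added example, not part of the thread and not any poster's code: a small Python audit for the two exposures described in the post above, a MySQL listener reachable from the network and accounts allowed to log in from remote hosts. The config text, account rows and function names are constructed for illustration.

```python
import configparser

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Constructed sample inputs, not taken from any real server.
SAMPLE_MY_CNF = """\
[mysqld]
port = 3306
bind-address = 0.0.0.0   # listens on every interface
"""
# Rows in the shape returned by: SELECT user, host FROM mysql.user;
SAMPLE_ACCOUNTS = [("forum", "localhost"), ("backup", "%"), ("admin", "203.0.113.7")]


def listener_findings(cnf_text):
    """Flag a [mysqld] section that exposes the TCP port beyond loopback."""
    # Drop !include / !includedir directives, which configparser cannot parse.
    lines = [l for l in cnf_text.splitlines() if not l.lstrip().startswith("!")]
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, inline_comment_prefixes=("#",))
    cp.read_string("\n".join(lines))
    opts = {}
    if cp.has_section("mysqld"):
        # MySQL accepts '-' and '_' interchangeably in option names.
        opts = {k.replace("_", "-"): v for k, v in cp["mysqld"].items()}
    if "skip-networking" in opts:
        return []  # TCP listener disabled, local socket access only
    addr = (opts.get("bind-address") or "").strip()
    if not addr:
        return ["bind-address not set: server default listens on all interfaces"]
    if addr not in LOOPBACK:
        return [f"bind-address = {addr}: port reachable from the network, "
                "needs a firewall rule limited to the admin IP"]
    return []


def account_findings(accounts):
    """Flag accounts that may log in from hosts other than the server itself."""
    out = []
    for user, host in accounts:
        if host in LOOPBACK:
            continue
        kind = "wildcard host" if ("%" in host or "_" in host) else "remote host"
        out.append(f"'{user}'@'{host}': {kind}")
    return out


if __name__ == "__main__":
    for finding in listener_findings(SAMPLE_MY_CNF) + account_findings(SAMPLE_ACCOUNTS):
        print("WARN", finding)
```

A clean result here only covers the server's own configuration; the firewall rule limiting the port to a specific IP still has to be checked on the host or network edge.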

Ardos

Wow. Sounds kinda like a nightmare. But thanks for the tips, I'm going to start looking into that kinda stuff.
