SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,759
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Finding Connection Info?!

    I am using a free web hosting site for my Test Site. (www.byethost.com)

    It allows you to create MySQL databases and offers phpMyAdmin as well.

    Everything is just about set up, however, I don't know how to find the following...

    - Database Host Name

    - Database User

    - Database Password


    Debbie

  2. #2
    SitePoint Wizard guelphdad's Avatar
    Join Date
    Oct 2003
    Location
    St. Catharines, ON Canada
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you would use localhost as the host name.
    you'd use CPANEL and then Databases (I think it is marked that way). you'd then create a database and then you'd create a user and password for that user and privileges for that user. you'd then assign that user to the database.

    you can then use the user/password combo with localhost or 127.0.0.1 as the host name in your scripts.

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,759
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by guelphdad View Post
    you would use localhost as the host name.
    you'd use CPANEL and then Databases (I think it is marked that way). you'd then create a database and then you'd create a user and password for that user and privileges for that user. you'd then assign that user to the database.

    you can then use the user/password combo with localhost or 127.0.0.1 as the host name in your scripts.
    On my Dev Laptop
    Code SQL:
    SELECT CURRENT_USER( ) 
     
    root@localhost
     
    ------------------------
    SELECT USER()
     
    root@localhost


    On my Free Hosting Account
    Code SQL:
    SELECT CURRENT_USER( ) 
     
    b2_12345@%
     
    ------------------------
    SELECT USER()
     
    b2_12345@192.168.0.2


    How does that compare to what you said above?


    Debbie

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    On my Dev Laptop
    Code SQL:
    SELECT CURRENT_USER( ) 
     
    root@localhost
     
    ------------------------
    SELECT USER()
     
    root@localhost


    On my Free Hosting Account
    Code SQL:
    SELECT CURRENT_USER( ) 
     
    b2_12345@%
     
    ------------------------
    SELECT USER()
     
    b2_12345@192.168.0.2


    How does that compare to what you said above?


    Debbie
    guelphdad was saying that in PHPMyAdmin or in CPanel (depending on the way your host sets up the database management) you should be able to created database users where you will create users with usernames and passwords as well as assign database permission for each user.

    You are advised to create a user that has only the minimum amount of permissions that your application needs. You will then use this user for the Database user and associated Database password with the local host being 127.0.0.1.

    If on your local machine you create the same user as on your host and they both have the same permissions then when you code locally you can simply copy the PHP and upload content to MySql on your host and it will work. As it stands right now you will have to change all your local database connection strings with username and password before you upload them to your host (or edit the database connection strings through the file manager is CPanel).

    Hope this helps
    Steve
    ictus==""

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,759
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    guelphdad was saying that in PHPMyAdmin or in CPanel (depending on the way your host sets up the database management) you should be able to created database users where you will create users with usernames and passwords as well as assign database permission for each user.

    You are advised to create a user that has only the minimum amount of permissions that your application needs. You will then use this user for the Database user and associated Database password with the local host being 127.0.0.1.

    If on your local machine you create the same user as on your host and they both have the same permissions then when you code locally you can simply copy the PHP and upload content to MySql on your host and it will work. As it stands right now you will have to change all your local database connection strings with username and password before you upload them to your host (or edit the database connection strings through the file manager is CPanel).

    Hope this helps
    Steve
    Well, your response doesn't answer my original questions, but it brings up another point on which I have always wondered...

    They say that "running as 'ROOT'" is a bad idea.

    As you can see above, locally my database name and password are 'root'.

    Questions:

    1.) Just because my Username and Password are 'root' doesn't necessarily mean that I am running as 'root' in my MySQL database, right??

    2.) What would make a MySQL User 'root' (or have 'root' access)??

    3.) What User/User-Type are my Users running as when they use my database?

    4.) I don't think I understand how a User/User-Type relate to strangers on the Internet accessing/using my database?

    Does each User have a User-Type with associated "rights"??

    Or is there some "generic" User??

    5.) What do I need to do to make my MySQL run in a safer mode?

    Thanks,


    Debbie

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi Debbie,


    Quote Originally Posted by DoubleDee View Post
    Well, your response doesn't answer my original questions, but it brings up another point on which I have always wondered...

    They say that "running as 'ROOT'" is a bad idea.

    As you can see above, locally my database name and password are 'root'.
    Running as root is considered bad practice in Linux as it means if anyone ever hacks the Linux server has full unabashed rights to do all sorts of dangerous stuff, also full root does not challenge when permissions or rights are changed. In Linux (which is most likely the type of O.S. running on your free host) a user normally uses 'sudo' to perform admin functions - in other words they temporarily take admin capabilities for the specific task being performed, but if someone hacks their user then it is typically not as dangerous as root.

    The Linux operating system has users and rights which are not related to MySql users and permission. For example a Root Linux user can have no or very limited access to a MySQL database running within its' own system.


    To your questions:
    Quote Originally Posted by DoubleDee View Post
    Questions:

    1.) Just because my Username and Password are 'root' doesn't necessarily mean that I am running as 'root' in my MySQL database, right??
    You or may not be using a 'lets call it an' admin account on your free host; it depends what database permissions are given to this user:
    Code:
    SELECT CURRENT_USER( ) 
     b2_12345@% ------------------------SELECT USER()  b2_12345@192.168.0.2
    This user could be granted full admin rights, which would be a bad idea to use this database users in your connection information.

    Quote Originally Posted by DoubleDee View Post
    2.) What would make a MySQL User 'root' (or have 'root' access)??
    A MySql can be granted user permissions, database permissions, and host permissions. A user that has:
    • User Permissions:
      • Access from 'Any' Hosts (any location remote or local)
      • Permission: Select table data, Insert table data, Update table data, Delete table data, Create tables, Drop tables, Reload grants, Shutdown database, Manage Processes, File operations, Grant privileges, reference operations, Manage indexes, Alter talbes, Show databases, Superuser, Create temp tables, Lock tables, Execute, Slave replications, Client replication, Create View, Show View, Create Routing, Alter Routine, and Create User
      • Database Permissions: Can access 'Any' database from 'Any' hosts with 'All' permissions
      • Hosts: Can Access 'Any' databases from specific hosts (say 172.16.0.172 or myfavouritedeveloper.com) with 'All' permissions


    A user with all these permission would have 'Super User' abilities. This is why I said that your 'b2_12345'user may be set with some or all these permissions. You will likely have some control of some of these permissions in your CPanel; although hosts differ in what control they give to you.

    Quote Originally Posted by DoubleDee View Post
    3.) What User/User-Type are my Users running as when they use my database?
    Answered above.

    Quote Originally Posted by DoubleDee View Post
    4.) I don't think I understand how a User/User-Type relate to strangers on the Internet accessing/using my database?
    Knowledgable hackers can do a number of security driven 'vector' attacks on your php application that can expose your database connection info. If your user has full rights then they can reek all sort of havoc with your database; they could hack your database, or maybe run another MySQL spam database from your account.

    Quote Originally Posted by DoubleDee View Post
    Does each User have a User-Type with associated "rights"??

    Or is there some "generic" User??
    There is no 'generic' user in MySQL. The rest of this is answered in Q2

    Quote Originally Posted by DoubleDee View Post
    5.) What do I need to do to make my MySQL run in a safer mode?
    Understand what rights a user needs with your applications and run a user with just the permissions required to run your application. For example, if your application only requires the ability to Select, Insert, and Update then you create a database user with only these rights and use it in your connections string. The other important part to your security is understanding how your host secures MySQL, you might want to ask them what security measures they use. You could research what they told you to ensure they are following best practices and appropriate security measures.

    Hope this helps.
    Steve
    ictus==""


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •