MySQL root password and other configuration issues
Christian J |
Jun 16 2010, 05:28 PM
I'm finally going to try learning MySQL, and have installed a MySQL server on my computer (Windows with Apache and PHP). After some confusion I found that in order to succeed with PHP mysql_connect() I needed the username "root" and the MySQL root password created during the installation. Related questions:
- Is a root password necessary or useful on an offline testing server? Is it practical to make a new user account (with passwords?) in addition to root for each site I'm testing offline?
- Any other security precautions? For example there's a "skip-networking" directive, which stops MySQL from listening on a TCP/IP port.
- In phpinfo.php the "mysql.default_user" and "mysql.default_password" directives are listed. What are they used for? Apparently they're not the same as the MySQL root and password.
- What is http://www.php.net/manual/en/ini.core.php#ini.sql.safe-mode used for? When enabled mysql_connect() fails, apparently because it makes PHP ignore my root password. So when do you use safe mode -- when passwords are not used (sounds contradictory)?
- Anything else to think of, so that my offline configurations won't differ too much from what online webhosts look like? I don't have any web host offering MySQL, so I can't check.
Brian Chandler |
Jun 21 2010, 10:08 AM
QUOTE
Is something wrong with my code? Do I need the DROP privilege (how can I tell, or set it)? Or has MySQL prevented this? Haven't tested with SQLite.

I'm sorry, I was only sketching -- you need to work out the details (the script kiddies already have). The basic error is assuming that a user input will be the sort of string it is meant to be. So typically you use mysql_real_escape_string() to ensure that the string will not leak outside the surrounding quotes. That's why (I am told by people whose names I have forgotten) you can get into "signup" boxes you don't really belong to by entering in the password box ['; 'x'='x] which converts an SQL test for a password match into an expression with the value TRUE. Well, roughly.

Anyway, I don't understand the details of SQL "privileges"; pair gives me three logins for each database: full access, read-write (can't create or drop tables), and read-only. Don't think that's the problem anyway: your error message says that $result is not a valid resource -- when the SQL command doesn't return rows (as DROP, or CREATE, etc don't), then I don't suppose you can expect to get a row with mysql_fetch_array().

More basically, one thing you can be *absolutely* certain of: MySQL has not "detected an unauthorised action" and stepped in to make sure all children are safe.
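The two points in the post above (input leaking outside its surrounding quotes, and statements such as DROP returning no rows to fetch), as an added example that is not part of the thread. It assumes Python's sqlite3 as a stand-in for PHP and MySQL; the table, account, input string and function names are constructed for illustration, and quote doubling plays the role that mysql_real_escape_string() plays for MySQL.

```python
import sqlite3

# Constructed input that closes the password literal and appends a condition
# that is always true.
HOSTILE = "' OR 'x'='x"

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concat(db, name, password):
    """Weak form: input is pasted between the quotes of the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def escape_quotes(value):
    """SQLite escaping: double each single quote so it stays inside the literal."""
    return value.replace("'", "''")

def login_escaped(db, name, password):
    """Same query text, but every value is escaped before it is pasted in."""
    return login_concat(db, escape_quotes(name), escape_quotes(password))

def login_bound(db, name, password):
    """Placeholders: values are sent separately and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

def returns_rows(db, sql):
    """True only when the statement yields a result set that can be fetched."""
    return db.execute(sql).description is not None

if __name__ == "__main__":
    db = make_db()
    print("concat, real password :", login_concat(db, "alice", "correct-horse"))
    print("concat, hostile input :", login_concat(db, "alice", HOSTILE))
    print("escaped, hostile input:", login_escaped(db, "alice", HOSTILE))
    print("bound, hostile input  :", login_bound(db, "alice", HOSTILE))
    print("SELECT returns rows   :", returns_rows(db, "SELECT * FROM users"))
    print("DROP returns rows     :", returns_rows(db, "DROP TABLE users"))
```

The concatenated query accepts the hostile input because AND binds tighter than OR, so the appended comparison decides the whole WHERE clause; the escaped and bound versions compare the input as a literal password and reject it.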