472,779 Members | 2,166 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,779 software developers and data experts.

Problem regarding Confining a user for securing MYSQL

638 512MB
hi every one I am A new Bee to php mysql and i was surfing through the net to learn about how to secure the mysql when you are working in a web environment while working with php html and javascript i came through this article
and before i proceede i must tell you that iam using win xp professional sp2

where were given two main and very first step before you start making your program or start using your database
the first stepDefine your Users was alright i got that and did it but when i reached
the second step Confine your users i was confused to how to run my database in chrooted environment i mean i have installed XAMP and i have installed it onother than c:\ drive but how can i "Remove the Everyone group, add the MySQL group, and give full control to the directory structure."
isnt this thing the one that i did in the first step creating the user, what I dont think so ,here is the second step
Confine your users

Allowing a remote user to run a process on your server is inherently dangerous, but it happens every time you open a Web page or run a network application. The key to securing this remote access is limiting the local resource structure to a specific user process.

You can confine remote access to MySQL by running your database in a chroot environment. (Chroot changes the root directory and restricts a process to an isolated subset of the file system.)

[b]Windows Server 2000 or Windows Server 2003[b]
Follow the installation instructions, and install the database on a separate drive from your system drive (typically C:). Remove the Everyone group, add the MySQL group, and give full control to the directory structure.

If your database is colocated on your Web server, you need to disable access to TCP port 3306. This eliminates direct attacks from remote connections.
thanks for any help in this regard, and would be higly appreciated
regards omer
Mar 8 '08 #1
4 1655
4,258 Expert 4TB
You are double posting!! with thread hi,][quote=mageswar005]hi, , Changing the thread title does not help to avoid this. Do not do this again. The new thread will be removed.

Mar 14 '08 #2
638 512MB
[quote=ronverdonk]You are double posting!! with thread hi,]
, Changing the thread title does not help to avoid this. Do not do this again. The new thread will be removed.

i apologise that but i thaught that i might have not given an appropriate topic name because of which there hasnt been any reply so far and as i could nit change the topic now so i thaught i might post it again with a better topic thats why.
but i would be careful next time ,
My apologies,
Omer Aslam.
Mar 15 '08 #3
4,258 Expert 4TB
Ok Omer, I understand and it is okay. See you.

Mar 15 '08 #4
638 512MB
Ok Omer, I understand and it is okay. See you.

:) thanks sir
Mar 18 '08 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

by: NotGiven | last post by:
I read several web sites and O'Reilly's book on MySQL about securing the system tables. I removed several users and, as advised inthe book and web sites, changed the user "root" to another name...
by: Massimo Fiorentino | last post by:
Hello there! I am a bit of a newbee into the mySQL world and I have a question regarding switching from one DB to another. I have for a couple of years used a very simple CMS-system created by...
by: notbob | last post by:
Newb here! Using 4.0.20 on Slack. Slogging through the official manual. At 2.4.3 Securing the Initial MySQL Accounts, I'm finally stopped cold while trying to follow instructions. Here's what I...
by: ejpoirier | last post by:
I'm trying to get https to work for Web Services in PHP. I've installed PHP 5.0.5 with the following configuration line: ../configure --with-mysql=/usr/local/mysql \...
by: Stephen Poley | last post by:
Whenever anyone has a question about securing an Access database he/she is usually referred (unsurprisingly) to the Security FAQ. This is however incomplete/unclear with respect to databases with a...
by: Aahz | last post by:
I have asp.net web site that connects on mysql databse via ODBC. From time to time it happen that connection is just being lost by itself, visitor got error message. Then I just log into my control...
by: Daniel | last post by:
is there a way to detect if a user tries to access a php file? For instance, db.config.php is called in many php pages but should never actually be open directly. Is there a way to know if...
by: Jim | last post by:
Hi, I have two questions/problems pertaining to CSS horizontal dropdown menus and am hoping that someone here can help me out. (1) I'm having a problem centering the menu. I picked up the...
by: pantone187 | last post by:
Hi everyone, I'm a pretty novice PHP programmer as all I've done so far is to do simple registration forms for events. The data that's going from the from to the database (mySQL) didn't need much...
by: Rina0 | last post by:
Cybersecurity engineering is a specialized field that focuses on the design, development, and implementation of systems, processes, and technologies that protect against cyber threats and...
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
by: lllomh | last post by:
How does React native implement an English player?
by: Mushico | last post by:
How to calculate date of retirement from date of birth
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.