OK. The below text is from the MySQL website.
"When you connect to a MySQL server, you should use a password. The password
is not transmitted in clear text over the connection. Password handling
during the client connection sequence was upgraded in MySQL 4.1.1 to be very
secure"
Has anyone actually tested this by "sniffing" their packets during use?
Also, does anybody know if this applies when using VB to connect using the
connection string?
This may be totally obvious but I was just looking for a 2nd opinion. I
have not yet "sniffed" my own packets yet as currently, my DB server is
deader than dead.
--
Bob
--------------------------------------
I'll have a B please Bob. 10 1480
"Bob Hollness" <bo*@blockbuster.com> wrote in
news:eL**************@TK2MSFTNGP14.phx.gbl: OK. The below text is from the MySQL website.
"When you connect to a MySQL server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MySQL 4.1.1 to be very secure"
The reason why MySQL recommends a passport because by default I believe
there is no password set (or a very basic password). MySQL is typically
setup to use hostname filters instead of passwords.
Has anyone actually tested this by "sniffing" their packets during use? Also, does anybody know if this applies when using VB to connect using the connection string?
MySQL stores their passwords as hashes, so it's impossible to retrieve the
original password. I haven't sniffed MySQL packets before, but I believe
they send a password hash rather than a clear text password.
In anycase, I haven't heard of a MySQL vulnerability lately... so if your
MySQL server is dead, could be a configuration issue on your side.
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
Thanks. I am connecting to my server over the internet and it will not
always be from the same machine. this is why I am using passwords. My
server is only dead because i broke it trying to upgrade something!
The question i wanted clarifying was this. Is my connection string that I
generate in code using VB, handing over the internet as plain text or does
it interface with the local MySQL dll's that you have to install, and then
do they in turn check the password securely?
--
Bob Hollness
-------------------------------------
I'll have a B please Bob
"Lucas Tam" <RE********@rogers.com> wrote in message
news:Xn***************************@140.99.99.130.. . "Bob Hollness" <bo*@blockbuster.com> wrote in news:eL**************@TK2MSFTNGP14.phx.gbl:
OK. The below text is from the MySQL website.
"When you connect to a MySQL server, you should use a password. The password is not transmitted in clear text over the connection. Password handling during the client connection sequence was upgraded in MySQL 4.1.1 to be very secure"
The reason why MySQL recommends a passport because by default I believe there is no password set (or a very basic password). MySQL is typically setup to use hostname filters instead of passwords.
Has anyone actually tested this by "sniffing" their packets during use? Also, does anybody know if this applies when using VB to connect using the connection string?
MySQL stores their passwords as hashes, so it's impossible to retrieve the original password. I haven't sniffed MySQL packets before, but I believe they send a password hash rather than a clear text password.
In anycase, I haven't heard of a MySQL vulnerability lately... so if your MySQL server is dead, could be a configuration issue on your side.
-- Lucas Tam (RE********@rogers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
"Bob Hollness" <bo*@blockbuster.com> wrote in
news:eO**************@TK2MSFTNGP11.phx.gbl: The question i wanted clarifying was this. Is my connection string that I generate in code using VB, handing over the internet as plain text or does it interface with the local MySQL dll's that you have to install, and then do they in turn check the password securely?
The connection string is assigned to your MySQL .NET Database Classes
right? In that case, the connection string is passed to the MySQL.NET DLLs,
encrypted, then sent over the internet.
I'm pretty sure the text is encrypted (or at least Hashed). You can verify
this by running a packet sniffer.
If you need a free sniffer, check out Ethereal. It's very easy to setup and
you can start sniffing your packets in ~5 minutes! : )
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
This is my connection string. Is this what you was referring to?
MAConn.CursorLocation = ADODB.CursorLocationEnum.adUseServer
MAConn.ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};" _
& "SERVER=IPADDRESS;" _
& "PORT=3306;" _
& "DATABASE=MyDB;" _
& "UID=" & "testuser" & ";" _
& "PWD=" & "123abc" & ";" _
& "OPTION=" & 1 + 2 + 8 + 32 + 2048 + 16384
MAConn.Open()
Thanks for the help. I am not yet using the .NET connecter from MySQL,
still using the ODBC dll's.
--
Bob
--------------------------------------
I'll have a B please Bob.
"Lucas Tam" <RE********@rogers.com> wrote in message
news:Xn***************************@140.99.99.130.. . "Bob Hollness" <bo*@blockbuster.com> wrote in news:eO**************@TK2MSFTNGP11.phx.gbl:
The question i wanted clarifying was this. Is my connection string that I generate in code using VB, handing over the internet as plain text or does it interface with the local MySQL dll's that you have to install, and then do they in turn check the password securely?
The connection string is assigned to your MySQL .NET Database Classes right? In that case, the connection string is passed to the MySQL.NET DLLs, encrypted, then sent over the internet.
I'm pretty sure the text is encrypted (or at least Hashed). You can verify this by running a packet sniffer.
If you need a free sniffer, check out Ethereal. It's very easy to setup and you can start sniffing your packets in ~5 minutes! : )
-- Lucas Tam (RE********@rogers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
"Bob Hollness" <bo*@blockbuster.com> wrote in news:u511X6n4EHA.208
@TK2MSFTNGP12.phx.gbl: This is my connection string. Is this what you was referring to?
MAConn.CursorLocation = ADODB.CursorLocationEnum.adUseServer MAConn.ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};" _ & "SERVER=IPADDRESS;" _ & "PORT=3306;" _ & "DATABASE=MyDB;" _ & "UID=" & "testuser" & ";" _ & "PWD=" & "123abc" & ";" _ & "OPTION=" & 1 + 2 + 8 + 32 + 2048 + 16384
MAConn.Open()
Thanks for the help. I am not yet using the .NET connecter from MySQL, still using the ODBC dll's.
Yes, that's the connection string I'm referring to. The ODBC DLLs parse the
string out and populate connection parameters... so I'm 95% sure that the
username/password is not sent as clear text.
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
excellent. thanks for you help. hopefully i will have my server working
again today so i can sniff the packets.
--
Bob
--------------------------------------
I'll have a B please Bob.
"Lucas Tam" <RE********@rogers.com> wrote in message
news:Xn***************************@140.99.99.130.. . "Bob Hollness" <bo*@blockbuster.com> wrote in news:u511X6n4EHA.208 @TK2MSFTNGP12.phx.gbl:
This is my connection string. Is this what you was referring to?
MAConn.CursorLocation = ADODB.CursorLocationEnum.adUseServer MAConn.ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};" _ & "SERVER=IPADDRESS;" _ & "PORT=3306;" _ & "DATABASE=MyDB;" _ & "UID=" & "testuser" & ";" _ & "PWD=" & "123abc" & ";" _ & "OPTION=" & 1 + 2 + 8 + 32 + 2048 + 16384
MAConn.Open()
Thanks for the help. I am not yet using the .NET connecter from MySQL, still using the ODBC dll's.
Yes, that's the connection string I'm referring to. The ODBC DLLs parse the string out and populate connection parameters... so I'm 95% sure that the username/password is not sent as clear text.
-- Lucas Tam (RE********@rogers.com) Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
"I picked a bad day to stop sniffing packets"
Seriously, I was wondering about this same thing also, as I'll be
upgrading my home server from MySQL 3.23. to 4.1.1 in the near future.
"Jerry H." <bo*********@gmail.com> wrote in news:1103206415.042924.64710
@f14g2000cwb.googlegroups.com: "I picked a bad day to stop sniffing packets"
Seriously, I was wondering about this same thing also, as I'll be upgrading my home server from MySQL 3.23. to 4.1.1 in the near future.
FYI: http://dev.mysql.com/doc/mysql/en/Se...st_attack.html
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/
OK. And the results are.....
The initial connection is encrypted, but EVERYTHING else after that is sent
as plain text. So, if you ever do any administration, make sure you do it
via SSH as otherwise if you create a user, the password is sent as text for
all to see!
--
Bob Hollness
-------------------------------------
I'll have a B please Bob
"Jerry H." <bo*********@gmail.com> wrote in message
news:11*********************@f14g2000cwb.googlegro ups.com... "I picked a bad day to stop sniffing packets"
Seriously, I was wondering about this same thing also, as I'll be upgrading my home server from MySQL 3.23. to 4.1.1 in the near future.
"Bob Hollness" <bo*@blockbuster.com> wrote in
news:un**************@TK2MSFTNGP11.phx.gbl: The initial connection is encrypted, but EVERYTHING else after that is sent as plain text. So, if you ever do any administration, make sure you do it via SSH as otherwise if you create a user, the password is sent as text for all to see!
Yup, that's exactly what the docs say : )
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying. http://members.ebay.com/aboutme/coolspot18/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Garp |
last post by:
Everyone,
I know there's no comp.databases.mysql group, but if there's the demand for
questions about phrasing queries and the like that aren't PHP related (and
there is - every other q. seems...
|
by: Richard Gabriel |
last post by:
Hi all,
The following keeps happening and I can't pinpoint a query that is
causing it. It did not happen in 3.23.x, but started upon upgrading to
4.0.14. The operating system/hardware...
|
by: Henry Hank |
last post by:
Environment:
I'm setting up a database server on a Dell Poweredge 2650, dual 1.8GHZ pentium
with 1GB of memory and RAID5 drives. I've installed RedHat 9, and updated the
kernel to 2.4.20-19.9smp....
|
by: Simon |
last post by:
Hi,
I'm trying to get a version of MySQL 4.1.0 installed on my (Gentoo Linux)
machine. I have a copy of MySQL 4.0.13 already installed, using Gentoo's
ebuilds, but am trying to install 4.1.0 in...
|
by: alchimista |
last post by:
hi, I've succesfully installed mysql on linux 2.4.x (TRUSTIX), I've
tried to move it on my chroot jail but after 10s it crashes with the
following message:
--- cut here----
040602 18:22:21 ...
|
by: pratchaya |
last post by:
This is my sample error in my MySQL Log
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://www.mysql.com/doc/en/Using_stack_trace.html and
follow instructions...
|
by: David Moore |
last post by:
Hi All,
I'm moving some php/mysql development work from one PC to another. I wanted
to use the latest versions of php, MySQL and Apache on the new machine, so
I've downloaded the appropriate stuff...
|
by: alf |
last post by:
Hi,
is it possible that due to OS crash or mysql itself crash or some e.g.
SCSI failure to lose all the data stored in the table (let's say million
of 1KB rows). In other words what is the worst...
|
by: Tom |
last post by:
I use the adodb_lite class and I'm getting curious results with a
wrapper function I've written to insert an array in a table. The
function has an optional parameter to verify columns (the array...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: Vimpel783 |
last post by:
Hello!
Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
|
by: jfyes |
last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
| |