Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Protecting Mysql access from Web Master


smash123

Recommended Posts

Posted

I need to fire my company's web master tomorrow. In case if he will do any damage to our company's web site. I need to change all the pw to block his access. I'm going to change the ftp pw that is no problem for me. Also I 'm afraid to change the Mysql user pw because I know there are many files contains the db connection. If I change the Mysql user pw then it will have a great chance some page will not work. Want to know if there is anything I can do to block outside remote access for Mysql server? That way I can leave everything as it is and wait for a new web master coming to do the changing pw as I'm not too knowledge about that. Or is there anything you suggest me to do when a web master is leaving? Thank you in advance!

Posted

Here's what you need to do:

 

1. Contact your host and have them change your account password, and any other passwords that may be used to login to the control panel provided by your host (if they provide one - most do). Even if you have not provided this password to your programmer, I'd recommend changing this anyways, especially if it's written down somewhere.

2. Change your FTP password (obviously you know this one).

3. Change ALL of your MySQL user passwords. It depends on the host how this is done. Normally it can be done through your control panel. It is possible that you have been set up with multiple database users. If so, you need to change passwords for all of these users.

4. Immediately after the MySQL passwords are changed, you will need to use an FTP program to download two files:

 

includes/configure.php

admin/includes/configure.php

 

Scroll to the bottom of each and edit the line that reads

 

define('DB_SERVER_PASSWORD', 'password');

 

Change 'password' to your new database password. When you upload the files over the existing ones, you may have to edit the permissions of those files first, depending on how the programmer and the host have things set up. Sometimes they may be set so that no one can overwrite them as a security measure. Sometimes they are set so that no one but you can overwrite them. After you have uploaded them, you will want to make sure they are set back to their original permissions.

 

Want to know if there is anything I can do to block outside remote access for Mysql server?

 

This is something your host would have to do. Normally, hosts do not allow anyone not logged in through SSH or their control panel to access MySQL databases. There's generally little valid need for someone outside of their network to need to log in, so they disallow outside connections as a security practice. This is another reason why changing your account password or control panel password is important, since that is often the way to access MySQL databases. Regardless, changing all database passwords will prevent anyone from outside (not logged in through control panel or SSH) logging in unless they know the new passwords.

 

If you're unclear about how many passwords you have, or what tools you might have available with passwords that need to be changed, contact your host.

Contributions

 

Discount Coupon Codes

Donations

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...