Do you think they are getting a kickback from Oracle (the makers of Workbench), or is there a valid reason to consider phpmyadmin to be less secure than (the paid) workbench application?
The main issue using phpmyadmin is related to MySQL users allowed ip's.
For example; Let assume that you have installed MySQL with default configuration and you set 123456 as a password (which is not good). As you know root login are only allowed when source ip is 127.0.0.1 ( default configuration ). In this scenario, your database server will be secure even if 3306 port can be accessible from internet. Because of client have to initiate connection from 127.0.0.1 which is localhost.
If you've installed phpMyAdmin on your server, this source ip protection will be useless. Because hackers will be able to initiate MySQL connection from localhost through PHP/Apache.
In order to keep your database server secure, use SSH Tunneling feature of workbench . Documentation for ssh tunneling can be found here; https://www.namecheap.com/support/knowledgebase/article.aspx/9330/2180/how-to-connect-to-database-using-workbench-mysql-client
Related
I'm having a trouble which I can't connect to my database using IP Address. It works fine when I access it to my local but the problem is the other PC can't connect to my server. I've been using postgre v11 and navicat v12. Is there any permission to setup in my device in order that the other devices can access to my database? It would be great if anybody could figure out where I am doing something wrong. thank you so much in advance
You have to change the host settings of the database to access it from a foreign IP
I would look at two things if connections from remote hosts are being rejected.
First what is the value of the parameter listen_addresses in the postgresql.conf file? If it is set to:
listen_addresses='localhost'
It will be allow only local loopback connections. Change this (for example to listen on all interfaces) to:
listen_addresses='*'
Next, check the pg_hba.conf file has a rule to allow connections from your remote client. By default PostgreSQL will refuse these remote connections and they must be whitelisted. The following example entry would allow any user to connect to any database from 192.168.1.2 and they must supply the password
host all all 192.168.1.2/32 md5
Check out the official PostgreSQL docs for this at:
https://www.postgresql.org/docs/11/auth-pg-hba-conf.html
I just installed the new version of Elementary OS and I lost the configuration that makes work my Postgresql.
I have an app that works perfectly online with a remote DB on Heroku, but when I run that on my local machine I can't reach the server. I think I miss something in the pg_hba.conf because I have all services up and running and all ports open for the DB. Actually I have this config file
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 md5
host all all ::/0 md5
I hope you can give me a way to contact my DB. In the last installation, I was able to, but I lost the config file.
Hello and thanks for the replies. I read the docs that says just how to connect to local service or configure a server that runs on a machine. I did all the steps before (just in case): user add, configuration of the local DB, giving admin user to the DB etc.
This line (the last)
host all all ::/0 md5
Is the one the docs say to add, but it is working for DB calls on the same machine.
I take web monitors, scanned ports and whatever I could see on linux system: ports for Postgresql are open, service runs, seems all fine. DB is reachable via PGAdmin, same credentials in the app. App is a NodeJS that calls the DB for an interactive website.
For those reasons I believe that should be a configuration problem. I have also no active firewall, no other rules than the actual config file for postgresql.
As I write the app works perfectly when it is on local or when it is all on the server. I need to have a cross config for development to have quick way to work on the actual online DB and a local copy (editable) of the web app. Or permit more people to develop at same time from different machines.
There is no error, just the app can't go online to get the DB and loops to find it. At last goes timeout.
Last time I had fix this with a similar line, obviously it is not the right form. What I ask is simply a line of config. I am not skilled in server configuration and I don't need to be anyway: once this will be online the server will have already configuration. I don't even care on what SQL type I will work, the app has a parser that makes all SQLs compatible.
I had to restore the system because of a problem, otherwise all was working before and I changed just that line, can't remember how...
Hope this will clear the situation.
With the recent attacks on Mongo databases, I've seen many guides on how to password-protect your database. I've gone through each guide and I've set up a 'superAdmin' with root role and another basicAdmin with read/write privileges. I reboot mongo using
mongo --auth
and authenticate using my superAdmin login, however this causes problems for my site which uses this db. When I boot my Node app, I can't access any pages as it cannot connect to the database because it has auth enabled. If in my config/database.js file I have:
module.exports = {
'database': 'mongodb://myWebsite.com/myDatabase'
};
How can I allow my site to access my MongoDB and read/write as users signup but also restrict any ransomware group from just walking in and dropping every collection over and over?
There are three main methods that you can use to protect your database.
Username and password
This is the simpler one. As you have mentioned that you have already secured the server using password, you can simply connect to database using mongoose as
mongoose.connect('mongodb://username:password#host:port/database');
I might recommend here that you change the default port of mongoDb to something else. Changing port can be found in file /etc/mongodb.conf.
Bind to private ip and use firewall
Again refering to file /etc/mongodb.conf change bind_ip to local ip of your network. Most of the services do provide that. Also better to setup firewall for the same. Simple firewall that you can use is UFW. Only allow traffic from servers that you are using. This method might not be effective if you are using shared vpn service.
SSH tunnel to access database
This is far most the most reliable method and i would recommend you to use this with the last method. Here is how this works. Set bind_ip to 127.0.0.1. Let us assume that you are running port on 5000. In order to set up a tunnel use
ssh \
-L 4000:localhost:5000 \
-i ~/.ssh/key \
<username>#mongo_db_ip
Remember to add your ssh key in instance running mongodb database. The above command should be issued on server that is running nodejs. 5000 as mentioned is the remove port and 4000 is the local port that you need to connect to on mongodb. So your command in mongoose to connect to database would be
mongoose.connect('mongodb://localhost:4000/<database>');
Summary
As you can see in almost all the steps i have focused on setting up a firewall which is very important.
Also username and passwords should be avoided and it is better to use ssh keys. From practical experience they also reduce a lot of burden while you are scaling up your service.
Hope this helps you out.
We have CouchDB installed on a separate machine.
When it was installed on my machine, it was accessible through Fauxton via link http://localhost:5984/_utils/index.html
Also, I am using Divan, a C# library to interact with CouchDB. It uses host as localhost and port as 5984 - default host and port names to connect with database.
But now I have CouchDB installed on another machine, how can I access it in this case?
Please suggest.
Thank you.
You need to allow exterior access in the new machine (which I'll just call the server). Your computer is the client. First, make sure the server is accessible from your network and get its IP address using ipconfig or ifconfig in the command line.
First, in the server, open the CouchDB configuration file, which is
/usr/local/etc/couchdb/local.ini in Linux
or
C:\Program Files\CouchDB\etc\couchdb\local.ini in Windows
and change
[httpd]
bind_address = 127.0.0.1
to
[httpd]
bind_address = 0.0.0.0
If there is no bind_address already in the file, just add it.
Then save the file.
Now, from the client, you can access futon from your machine using {SERVER_IP}:5984/_utils.
In Divan, set host to {SERVER_IP}. Unless you configure it otherwise, the port remains 5984.
Reference:
http://docs.couchdb.org/en/2.0.0/config/intro.html *
http://docs.couchdb.org/en/2.0.0/config/http.html *
(*) I'm assuming you're using CouchDB 2.0, but in my experience with 1.6.1 this instructions also work.
Connect to your server locally:
localhost:5984/_utils
then simply from the setting section, change the bind_address to 0.0.0.0
I have installed a Neo4J instance on my server on port 7474. My domain is also using that server and I want webadmin to be used remotely with a username and a password like this:
example.com:7474
Is there a way to do that? I could not find any guideline in the Neo4J documentation.
Did you get a chance to go through Neo4j Server Configuration documentation? It says:
#allow any client to connect
org.neo4j.server.webserver.address=0.0.0.0
This line in conf/neo4j-server.properties is commented by default and limits access to port 7474 to localhost or 127.0.0.1 (which probably is the reason why things work for your domain using that server and accessing Neo4j over localhost). Uncomment that line and it should make port 7474 accessible to everyone i.e. 0.0.0.0.
In order to secure your Neo4j server with an Authorization layer, you might want to refer Securing access to the Neo4j Server documentation.
In my case on ubuntu the line to uncomment was
dbms.connector.http.address=0.0.0.0:7474
File location
Ubuntu: /etc/neo4j/neo4j.conf
Neo4j 3.0.6