easyx, posted November 3, 2019:
Hey everybody, so as I have seen, a lot of people recommend creating a new MySQL user for the website with fewer privs, so my question would be: what privileges do I need to give my web user to only handle what a website should handle?
tierrilopes, posted November 3, 2019:
You check your queries to see what operations they do. Usually it's just "Select, Insert, Update". But again, insert should only be on account.account and not the whole account.*, for example. Same for other types: they should only access the exact table they need to, not the whole thing.
easyx, posted November 4, 2019:
Hey, thanks for the answer. And can I configure that in Navicat to only insert in account/account, or is this website based?
UnStoppable, posted November 4, 2019:
If your site has a static IP address, I recommend that you indicate this in your MySQL account, for example, [email protected] (this can be done in Navicat). Also, for more security, you must completely block the MySQL port from the outside and allow access to it only from the necessary IP addresses.
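The per-table privileges and the host-bound account described in the two replies above, written out as MySQL statements. This is an added example, not code from any poster in the thread; the account name `web`, the address 203.0.113.10, the password placeholder and the `player.player` table are assumptions, and only `account.account` comes from the thread.

```sql
-- Added example. Assumed names: account 'web', web server address 203.0.113.10
-- (documentation range), table player.player. The granted tables must already exist.

-- Too broad, the pattern the replies warn against (shown for contrast, do not run):
--   GRANT ALL PRIVILEGES ON *.* TO 'web'@'%';
--   GRANT SELECT, INSERT, UPDATE ON account.* TO 'web'@'%';

-- 1. Account that may only log in from the web server's static address.
CREATE USER 'web'@'203.0.113.10' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 2. Privileges per table, matching what the site's queries actually do.
--    Registration and login: read rows, create rows, change existing rows.
GRANT SELECT, INSERT, UPDATE ON account.account TO 'web'@'203.0.113.10';
--    A ranking page only reads (hypothetical table).
GRANT SELECT ON player.player TO 'web'@'203.0.113.10';

-- 3. Confirm what the account can do.
--    Expect only USAGE on *.* plus the two table-level grants above.
SHOW GRANTS FOR 'web'@'203.0.113.10';

-- 4. Global privilege flags should all be 'N' for the web account.
SELECT User, Host, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Drop_priv, File_priv, Super_priv, Grant_priv
FROM mysql.user
WHERE User = 'web';

-- 5. Table-level grants as stored by the server.
SELECT Host, Db, User, Table_name, Table_priv
FROM mysql.tables_priv
WHERE User = 'web';

-- 6. Accounts that can connect from any host deserve a second look.
SELECT User, Host FROM mysql.user WHERE Host = '%';

-- 7. Host each current session is connecting from (Host column).
SHOW PROCESSLIST;
```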
easyx, posted November 4, 2019:
Yeah, I thought about adding the IP of my website, but is there any kind of log to see the IP which is connecting? Well, I have set up a firewall for more protection and I have no account in Navicat without IP recognition, but I still face the website being insecure.
UnStoppable, posted November 4, 2019:
I didn't understand what log you mean. If someone connects through your site, you will only see the IP of your site on the database server, because the request will come from it. If your site is vulnerable to SQL injection, then this will not help you. You should secure your site as much as possible, properly screen variables, and it's best to use PDO. And if you do what I said above, it will give good protection.
easyx, posted November 4, 2019:
Yeah, I meant logs on the server, so on the FreeBSD MySQL, a log which can show me the IP of my connecting website. How can I see if a website is vulnerable to SQL injection?
UnStoppable, posted November 4, 2019:
You can search Google for some vulnerability search services, for example: https://find-xss.net/scanner/?l=en
easyx, posted November 4, 2019:
Thanks a lot. Do you happen to also know if it is possible to use some kind of DynDNS service as an IP for the MySQL users, something like no-ip? Because I tried no-ip but it's not working.
tierrilopes, posted November 5, 2019:
> On 11/4/2019 at 7:40 AM, easyx said:
> Hey, thanks for the answer. And can I configure that in Navicat to only insert in account/account, or is this website based?
You can easily do that in Navicat, for example. If you need help, I can show you how.
easyx, posted November 5, 2019:
> 1 hour ago, tierrilopes said:
> You can easily do that in Navicat, for example. If you need help, I can show you how.
Thanks for the answer. Actually, I tried to look up what the privileges mean in the user table and found something like a MySQL guide, but couldn't quite see through it, so if you could explain them to me, that would be awesome.
tierrilopes, posted November 6, 2019:
> On 11/5/2019 at 4:13 PM, easyx said:
> Thanks for the answer. Actually, I tried to look up what the privileges mean in the user table and found something like a MySQL guide, but couldn't quite see through it, so if you could explain them to me, that would be awesome.
Sent discord