probleme securité mysql [résolu]

mat24 · Le 19/07/2006, à 16:22

Bonjour

j'ai un soucis avec mysql
j'ai installé tout ça avec xampp
pis j'aimodifié la securité (grace au tuto ttoine au passage)
mon gros soucis j'ai modifié aussi la regle d'accessibilité de mysql par le reseau du coup lorsque je fais une requete sql a partir d'un pc distant j'ai une erreur not allowed to access my sql)
j'arrive pas du tout à reconfiguré tout ça
j'ai bien decommenté la ligne bind adress
la ligne skip networking semble bien commentée aussi ....
je sais pas trop la ? !

en plus il y'a 2 my.conf !! 1 dans etc/mysql l'autre dans opt/lampp/etc/
donc je ne sais pas trop quopi modifier !!!
voila le premier (situé dans etc/mysql)

#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "/var/lib/mysql/my.cnf" to set server-specific options or
# - "~/.my.cnf" to set user-specific options.
# 
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port		= 3306
socket		= /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket		= /var/run/mysqld/mysqld.sock
nice		= 0

[mysqld]
#
# * Basic Settings
#
user		= mysql
pid-file	= /var/run/mysqld/mysqld.pid
socket		= /var/run/mysqld/mysqld.sock
port		= 3306
basedir		= /usr
datadir		= /var/lib/mysql
tmpdir		= /tmp
language	= /usr/share/mysql/english
skip-external-locking
#
# For compatibility to other Debian packages that still use
# libmysqlclient10 and libmysqlclient12.
old_passwords	= 1
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address		= 0.0.0.0
#
# * Fine Tuning
#
key_buffer		= 16M
max_allowed_packet	= 16M
thread_stack		= 128K
#
# * Query Cache Configuration
#
query_cache_limit	= 1048576
query_cache_size        = 16777216
query_cache_type        = 1
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
#log		= /var/log/mysql.log
#log		= /var/log/mysql/mysql.log
#
# Error logging goes to syslog. This is a Debian improvement :)
#
# Here you can see queries with especially long duration
#log-slow-queries	= /var/log/mysql/mysql-slow.log
#
# The following can be used as easy to replay backup logs or for replication.
#server-id		= 1
log-bin			= /var/log/mysql/mysql-bin.log
expire-logs-days	= 20
max_binlog_size         = 104857600
#binlog-do-db		= include_database_name
#binlog-ignore-db	= include_database_name
#
# * BerkeleyDB
#
# According to an MySQL employee the use of BerkeleyDB is now discouraged
# and support for it will probably cease in the next versions.
skip-bdb
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# If you want to enable SSL support (recommended) read the manual or my
# HOWTO in /usr/share/doc/mysql-server/SSL-MINI-HOWTO.txt.gz
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem



[mysqldump]
quick
quote-names
max_allowed_packet	= 16M

[mysql]
#no-auto-rehash	# faster start of mysql but no tab completition

[isamchk]
key_buffer		= 16M

#
# * NDB Cluster
#
# See /usr/share/doc/mysql-server-*/README.Debian for more information.
#
# The following configuration is read by the ndbd storage daemons,
# not from the ndb_mgmd management daemon.
#
# [MYSQL_CLUSTER]
# ndb-connectstring=127.0.0.1

et voila celui dans le repertoire lampp

# Example MySQL config file for medium systems.
#
# This is for a system with little memory (32M - 64M) where MySQL plays
# an important part, or systems up to 128M where MySQL is used together with
# other programs (such as a web server)
#
# You can copy this file to
# /etc/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /opt/lampp/var/mysql) or
# ~/.my.cnf to set user-specific options.
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.

# The following options will be passed to all MySQL clients
[client]
#password	= your_password
port		= 3306
socket		= /opt/lampp/var/mysql/mysql.sock

# Here follows entries for some specific programs

# The MySQL server
[mysqld]
# commented out by lampp security
#port		= 3306
port = 0
socket		= /opt/lampp/var/mysql/mysql.sock
skip-locking
key_buffer = 16M
max_allowed_packet = 1M
table_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M

# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
# 
#skip-networking

# Replication Master Server (default)
# binary logging is required for replication
# log-bin deactivated by default since XAMPP 1.4.11
#log-bin=mysql-bin

# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
server-id	= 1

# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
#    the syntax is:
#
#    CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
#    MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
#    where you replace <host>, <user>, <password> by quoted strings and
#    <port> by the master's port number (3306 by default).
#
#    Example:
#
#    CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
#    MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
#    start replication for the first time (even unsuccessfully, for example
#    if you mistyped the password in master-password and the slave fails to
#    connect), the slave will create a master.info file, and any later
#    change in this file to the variables' values below will be ignored and
#    overridden by the content of the master.info file, unless you shutdown
#    the slave server, delete master.info and restart the slaver server.
#    For that reason, you may want to leave the lines below untouched
#    (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id       = 2
#
# The replication master for this slave - required
#master-host     =   <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user     =   <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password =   <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port     =  <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin


# Point the following paths to different dedicated disks
#tmpdir		= /tmp/		
#log-update 	= /path-to-dedicated-directory/hostname

# Uncomment the following if you are using BDB tables
#bdb_cache_size = 4M
#bdb_max_lock = 10000

# Comment the following if you are using InnoDB tables
skip-innodb
innodb_data_home_dir = /opt/lampp/var/mysql/
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /opt/lampp/var/mysql/
innodb_log_arch_dir = /opt/lampp/var/mysql/
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates

[isamchk]
key_buffer = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M

[myisamchk]
key_buffer = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

merci de me filer un coup de main

Dernière modification par mat24 (Le 20/07/2006, à 10:48)

yohann · Le 19/07/2006, à 17:03

est ce que l'utilisateur avec lequel tu essaie de te connecter à distance est autorisé a ce connter a la base mysql?

en principe pour des raisons de sécurité root ne peut se connecter qu'en local et on crée un user mysql pour se connecter à distance:

grant all privileges on nom_de_la_base.* to 'nom_utilisateur'@"192.168.100.%" identified by 'mot_de_passe';

cette ligne permet la connection a nom_utilisateur depuis tout le réseaux local 192.168.100
pour pouvoir te connecter depuis n'importe où: @"%"

tu peux verifier cela en local:

$ mysql -u root -p
> use mysql
>select * from user;

bonne chance

mat24 · Le 19/07/2006, à 17:29

je viens de voir que j'ai la meme chose en localhost sur la machine serveur !!!
donc ce doit etre un autre soucis .....

une idée ?

yohann · Le 19/07/2006, à 17:46

peut tu mettre les ligne de commandes utilisées ainsi que les réponses du système stp

mat24 · Le 20/07/2006, à 07:58

re ...
tout simplement je fais un mysql_connect() et la il bloque deja en me retournant "not allowed to connect to this MySQL server"

meme en local ... je suppose que ma config mysql est bloquée quelque part !

j'aime bien ta signature au passage

yohann · Le 20/07/2006, à 09:49

mysql_connect c'est du php ca non?
ton serveur apache et ta base de donné son sur le même poste?
si oui tu te connect en local depuis le début car c'est apache qui se connect à mysql.
sinon qu'est ce que ca donne d'ouvrir un teminal sur le serveur et de faire

mysql -u root -p

(je vois pas d'où viens le problème mais on peut commencer par éliminer le php et regarder seulement sur la base sql...)

mat24 · Le 20/07/2006, à 10:48

rho
bon deja j'ai compris la premiere erreur en fait je n'avais pas mis le bon nom de host .... j'avais utilisé le nom du serveur ftp au lieu de regarder les host de mysql !

il me manque encore pas mal de connaissance pour mettre un serveur perso en place !!!

donc je vais me plonger dans mysql et essayer de comprendre tout ça

merci et désolé !!!!

yohann · Le 20/07/2006, à 11:04

bonne chance, hésite pas si t'as un souci...

Ubuntu-fr

Navigation

Liens de recherche

Annonce

#1 Le 19/07/2006, à 16:22

probleme securité mysql [résolu]

#2 Le 19/07/2006, à 17:03

Re : probleme securité mysql [résolu]

#3 Le 19/07/2006, à 17:29

Re : probleme securité mysql [résolu]

#4 Le 19/07/2006, à 17:46

Re : probleme securité mysql [résolu]

#5 Le 20/07/2006, à 07:58

Re : probleme securité mysql [résolu]

#6 Le 20/07/2006, à 09:49

Re : probleme securité mysql [résolu]

#7 Le 20/07/2006, à 10:48

Re : probleme securité mysql [résolu]

#8 Le 20/07/2006, à 11:04

Re : probleme securité mysql [résolu]

Pied de page des forums