On Wed, 2010-04-28 at 13:58 +0530, Vikram A wrote:
> Hi all,
> I have some security issues. I would like to have your suggestions/solutions.
> I have winserver2003 with mysql 5.1.45. We have a client-server application that allows
> multi-login system with various people.
> I am getting user name, password for database login when they try to use login
> [which is for Application]. By using the DB user name and the password, people who
> know mysql
> are opening the DB using some GUI tools. How can this be avoided? It is a
> major issue right now in my workplace.
> Please can anyone help me?
> Thank you
> VIKRAM A
1.) Use MySQL connection limits to restrict the ways a client may impact
performance. In the longer term look to limit table access with stored
procedures or (when efficient) views.
2.) Restrict the database usernames/passwords by IP address and/or SSL
client certificates and restrict access to the authorised client
machines from the people causing a problem.
3.) If the clients and their credentials can't be restricted from the
problem group, use MySQL proxy or its equivalent to filter exactly which
queries may be applied so that only the actions already taken by the
application may be performed by people using its login credentials.
4.) If the problem is being caused by people on the authorised clients
performing reasonable actions for those clients, then your problem can't
be solved technically aside from by separating the application
authentication credentials from the MySQL ones, or by scaling to allow
the clients' usage levels.
Like Johan De Meersman I think the real problem you have is probably
that the application uses MySQL access credentials as enduser
credentials. Per-application user database users are unusual in my
industry. If you need per-user access right granularity in database
access it should still be disconnected from application login
credentials. I'd probably do:
field     | application                      | mysql
----------+----------------------------------+--------------------------------------------
username  | current username                 | current username
password  | current password stored as hash  | unique password stored encrypted by hash of
          |                                  | (current password + salt)
In this way only an application working on the user's behalf to which
the user had submitted their password would be able to obtain their
unique database password but wouldn't need to store the plaintext
password in the user's session.
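The credential-separation scheme in the table above, worked through as an added example (my code, not from this thread and not MySQL's own). Assumptions: PBKDF2-HMAC-SHA256 over a per-user random salt stands in for "stored as hash"; the login verifier and the key that unwraps the MySQL password are derived from that hash with separate labels, so the stored verifier is useless for decryption; and, because only the Python standard library is used, the "encrypted" column is an HMAC-derived keystream with an HMAC tag rather than an AEAD such as AES-GCM, which is what a production build should use. All function and column names are hypothetical.

```python
"""Per-user MySQL credentials derived from, but separate from, the application password."""
import hashlib
import hmac
import secrets
from typing import Optional

PBKDF2_ITERATIONS = 200_000   # assumption: tune to the login latency you can afford
SALT_BYTES = 16


def _master_key(app_password: str, salt: bytes) -> bytes:
    """Slow hash of the application password; never stored, never sent to MySQL."""
    return hashlib.pbkdf2_hmac("sha256", app_password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _subkey(master: bytes, label: bytes, length: int = 32) -> bytes:
    """HMAC-based expansion under a label: the stored login verifier and the key
    that unwraps the MySQL password come from the same master but are independent,
    so reading the table does not yield the MySQL password."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(master, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def new_db_password() -> str:
    """Random MySQL password; this is what the application actually connects with.
    The end user never sees it, so it cannot be typed into a GUI tool."""
    return secrets.token_urlsafe(24)


def enrol(username: str, app_password: str, db_password: str) -> dict:
    """Build the row to store for one user. Call again (fresh salt) whenever either
    password changes: the keystream depends on (app_password, salt) and must never
    be reused to wrap a different db_password."""
    salt = secrets.token_bytes(SALT_BYTES)
    master = _master_key(app_password, salt)
    plaintext = db_password.encode("utf-8")
    keystream = _subkey(master, b"wrap", len(plaintext))
    wrapped = bytes(p ^ k for p, k in zip(plaintext, keystream))
    # encrypt-then-MAC over salt + ciphertext so a modified row is rejected at login
    tag = hmac.new(_subkey(master, b"mac"), salt + wrapped, hashlib.sha256).digest()
    return {
        "username": username,            # same name is used for the MySQL account
        "salt": salt,
        "verifier": _subkey(master, b"auth"),   # checked at login; not a decryption key
        "wrapped_db_password": wrapped,
        "tag": tag,
    }


def login(record: dict, app_password: str) -> Optional[str]:
    """Verify the application password and, only if it is right, recover the MySQL
    password for this session. Returns None on a wrong password or a tampered row."""
    master = _master_key(app_password, record["salt"])
    if not hmac.compare_digest(_subkey(master, b"auth"), record["verifier"]):
        return None
    wrapped = record["wrapped_db_password"]
    expected_tag = hmac.new(_subkey(master, b"mac"), record["salt"] + wrapped,
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, record["tag"]):
        return None  # row modified (or inconsistent) since enrolment
    keystream = _subkey(master, b"wrap", len(wrapped))
    return bytes(c ^ k for c, k in zip(wrapped, keystream)).decode("utf-8")


if __name__ == "__main__":
    # constructed sample: enrol one user, then log in with the right and a wrong password
    row = enrol("vikram", "app-login-secret", new_db_password())
    print("db password recovered:", login(row, "app-login-secret"))
    print("wrong app password   :", login(row, "guess"))
```

At login the application connects to MySQL as `username` with the string `login()` returns and drops both passwords once the connection is open; the table holds no plaintext and nothing that decrypts without the user's application password. What this does not do is stop a user from pulling the MySQL password out of a client process they control, so the host and SSL restrictions in point 2 still apply.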