Rip out the DB authentication part, and store those credentials in-code, in
some config file or the registry, or some remote mechanism like LDAP.
If your users need to access multiple servers, just give them an option for
each server, but don't let them enter DB credentials themselves.
Users are not to be trusted with direct data access; they're way too devious
for their own good :-)
On Wed, Apr 28, 2010 at 11:05 AM, Vikram A <vikkiatbipl@stripped> wrote:
> Yes; As per your mail, i understood that the authentication must be
> separated for both app and the db.
> Let me send my login Authentication screen; I request you guide me how can
> handle this.
> Thank you
> *From:* Johan De Meersman <vegivamp@stripped>
> *To:* Vikram A <vikkiatbipl@stripped>
> *Cc:* MY SQL Mailing list <mysql@stripped>
> *Sent:* Wed, 28 April, 2010 2:10:45 PM
> *Subject:* Re: My sql Security
> I'm afraid you can't discern between clients and applications on the MySQL
> level. Your application authentication should be separate from the MySQL
> On Wed, Apr 28, 2010 at 10:28 AM, Vikram A <vikkiatbipl@stripped> wrote:
> > Hi all,
> > I have some security issues. I would like to have your
> > suggestions/solutions.
> > I have winserver2003 with mysql 5.1.45. We have client serve application
> > that allows multi-login system with various people.
> > I am getting user name, password for database login when the try to use
> > login [which is for Application]. By using DB the user name and the
> > password, people who know the mysql are opening the DB using some GUI
> > How this can be avoided; because it is major issue right now in my work
> > place.
> > Please Can any one can help me?
> > Thank you
> > VIKRAM A
> Bier met grenadyn
> Is als mosterd by den wyn
> Sy die't drinkt, is eene kwezel
> Hy die't drinkt, is ras een ezel
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel