MySQL Forums
Forum List  »  Security

Re: Easy ways to override MySQL authentication and get direct access to data (if you have local access)
Posted by: Aravinthkumar KG
Date: January 09, 2006 04:52AM

Hi,
There are several possible ways to local attacker to get in to the MySQL databases.
one such way is
1) Stop the MySQL service
2)"Copy the existing MySQL directory(mysql\data\mysql) from other machine and place it mysql\data directory, it'll prompt to replace, click yes(before that copy the backup the MySQL DB to safe place)"
3)now start the service with ur copied user variables
4)do the necesary actions on mysql and replace the MySQL db directory with your backup file.

to avoid this scenario, MySQL should have a system table in each database and they should have the user info. to contact that database. that table should be in a encypted format each time the databse is contact it should verify that the user has the access priviledge and rights and then it allow the user to enter into the database.

because if mysql is the choice for "standalone" applications, this security bug is the major concern and that should be solve ASAP

Options: ReplyQuote


Subject
Views
Written By
Posted
Re: Easy ways to override MySQL authentication and get direct access to data (if you have local access)
3182
January 09, 2006 04:52AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.