From: Jamie M. <ja...@mc...> - 2011-02-15 02:25:53
It's not security through obscurity. Its cpan install directs you to change the module's group, probably its owner, and set it non-world-readable. It essentially is a way of bouncing mysql permission issues up to the filesystem's security model, and it acts as a convenient "address book" for your mysql users+passwords too.

--
Jamie McCarthy
jmc...@th...
ja...@mc...
269-267-2008

On Feb 14, 2011, at 6:23 PM, "Marc G. Fournier" <sc...@hu...> wrote:

> Huh? When I install p5-DBIx-Password under FreeBSD, that is part of the
> install process ... which I think is one of the most annoying perl modules
> as I've never been able to figure out how to "add users" without having to
> re-install the port ...
>
> But, looking at exactly what DBIx-Password is all about, this should be
> one of the easiest things to get rid of ... all it does is saves having to
> create a db.conf file (or whatever we call it) to store userid/passwds in
> ...
>
> The funny thing is that it really is one of those 'security by obscurity'
> kinda things, as everything is stored plain text in the file:
>
> /usr/local/lib/perl5/./site_perl/5.10.1/DBIx/Password.pm
>
> But, there is one flaw in that module, which, altho not huge, can be
> annoying ... you can't have the same user connecting to different
> databases ... everything is keyed on the username itself, so for each
> database, you literally need a distinct username ...
>
> I'll look into removing that requirement ... slowly figuring out how all
> this code works :)
>
> On Mon, 14 Feb 2011, George Taft wrote:
>
>> Whoa. I have to create a Password.pm file? That's not in the instructions.
>> What's the file for? Where does it go?
>>
>> On Mon, Feb 14, 2011 at 5:18 PM, Shane Zatezalo <sh...@lo...> wrote:
>> it's probably failing because you've not setup your Password.pm
>> file yet.
>> Create that, make install it, and I betcha it passes.
>>
>> On Feb 14, 2011, at 3:55 PM, Marc G. Fournier wrote:
>>
>>> What I'd be curious to know is why the test failed ... which test? Can
>>> you download the source code from CPAN and do a build/install?
>>>
>>> MARCLANG/ParallelUserAgent-2.57.tar.gz : make_test NO
>>>
>>> It's the same version that I have installed here ...
>>>
>>> On Mon, 14 Feb 2011, George Taft wrote:
>>>
>>>> While this is not a verbatim log of my effort to install under CentOS,
>>>> it's a list of the commands I issued. Finally at the bottom are the
>>>> errors I encountered. Reissuing the MySQL commands seemed to fix the
>>>> first problem, but the second still stands. == George
>>>>
>>>> yum update
>>>> yum install make
>>>> yum install lynx
>>>> yum install gcc
>>>> yum remove perl
>>>> lynx http://www.cpan.org/src/stable.tar.gz
>>>> cd /tmp/perl[dir]
>>>> sh Configure -de
>>>> make
>>>> make test
>>>> make install
>>>>
>>>> yum install mysql-server
>>>> /sbin/chkconfig --levels 235 mysqld on
>>>> yum install mysql-devel # what about "mysql-client" that
>>>> misterorange.com refers to? it doesn't seem to exist any more. Is
>>>> this step still necessary?
>>>>
>>>> mysql.i386 0:5.0.77-4.el5_5.4
>>>>
>>>> nano /etc/my.cnf [add "timezone=GMT" to end of file]
>>>>
>>>> service mysqld start
>>>> mysql
>>>> create database xlash;
>>>> grant select, insert, update, delete, lock tables, create,
>>>>   drop, index, alter on slash.* to 'xlash'@'localhost' identified
>>>>   by 'haxlash';
>>>> grant process on *.* to 'xlash'@'localhost' identified by
>>>>   'haxlash';
>>>>
>>>> /usr/local/bin/perl -MCPAN -e "install q{LWP}"
>>>>
>>>> lynx http://mirrors.axint.net/apache//httpd/apache_1.3.42.tar.gz
>>>> cd /tmp; tar -xvzf
>>>>
>>>> lynx http://perl.apache.org/dist/mod_perl-1.31.tar.gz
>>>>
>>>> perl Makefile.PL apache_src=/tmp/apache_1.3.42/src/ do_httpd=1
>>>>   use_apaci=1 perl_mark_where=1 everything=1
>>>>   apache_prefix=/usr/local/apache
>>>> make
>>>> make test
>>>> make install
>>>>
>>>> yum install zlib-devel [already installed]
>>>> yum install openssl-devel [already installed]
>>>> yum install perl [already installed]
>>>> yum install cpio [already installed]
>>>> yum install expat-devel
>>>> yum install gettext-devel
>>>>
>>>> rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
>>>> yum repolist [should show EPEL repo]
>>>> yum install git git-daemon
>>>> git clone git://github.com/lottadot/haxlash.git haxlash
>>>> cd haxlash
>>>> git checkout HEAD
>>>>
>>>> cpan
>>>> install Bundle::CPAN
>>>> quit
>>>> cpan
>>>> install Bundle::LWP
>>>>
>>>> install Bundle::Slash [again]
>>>>
>>>> Failed during this command:
>>>> KROW/DBIx-Password-1.9.tar.gz : make_test NO
>>>> MARCLANG/ParallelUserAgent-2.57.tar.gz : make_test NO
>>>>
>>>> DBI connect('database=xlash;host=localhost','xlash',...) failed:
>>>> Access denied for user 'xlash'@'localhost' to database 'xlash'
>>>> at blib/lib/DBIx/Password.pm line 31
>>>>
>>>> On Mon, Feb 14, 2011 at 12:05 PM, Marc G. Fournier <sc...@hu...> wrote:
>>>> On Mon, 14 Feb 2011, Jamie McCarthy wrote:
>>>>
>>>>> On Feb 14, 2011, at 10:32 AM, Marc G. Fournier wrote:
>>>>>
>>>>>> On Mon, 14 Feb 2011, George Taft wrote:
>>>>>>
>>>>>>> I've tried, and it still fails, just like it does at Perl Monks:
>>>>>>> <http://www.perlmonks.org/bare/?node_id=758739>. I wouldn't know
>>>>>>> how to write/install a replacement for the functionality of
>>>>>>> ParallelUA
>>>>>
>>>>> FWIW...
>>>>>
>>>>> LWP::UserAgent::Parallel is only used by checkForOpenProxy(). That's
>>>>> the function that scans a few common HTTP proxy ports on the current
>>>>> user's IP address to see if that IP is running an open proxy, and if
>>>>> so, limits access in some way. As I recall, you can't post
>>>>> anonymously from a proxy or something like that.
>>>>>
>>>>> It's been moderately-helpful on Slashdot, but it's not an absolute
>>>>> necessity or anything. If you want, strip out that function and
>>>>> calls to it, delete Slash::Custom::ParUserAgent, and remove L::U::P
>>>>> from the list of install requirements.
>>>>
>>>> Since I know it is working, rather try and debug it and keep the
>>>> functionality :)
>>>>
>>>> ----
>>>> Marc G. Fournier                        Hub.Org Hosting Solutions S.A.
>>>> sc...@hu...                                     http://www.hub.org
>>>>
>>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu...
>>>>
>>>> ------------------------------------------------------------------------------
>>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>>>> Pinpoint memory and threading errors before they happen.
>>>> Find and fix more than 250 security defects in the development cycle.
>>>> Locate bottlenecks in serial and parallel code that limit performance.
>>>> http://p.sf.net/sfu/intel-dev2devfeb
>>>> _______________________________________________
>>>> Slashcode-general mailing list
>>>> Sla...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>>>
>>> ----
>>> Marc G. Fournier                        Hub.Org Hosting Solutions S.A.
>>> sc...@hu...                                     http://www.hub.org
>>>
>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu...
>
> ----
> Marc G. Fournier                        Hub.Org Hosting Solutions S.A.
> sc...@hu...                                     http://www.hub.org
>
> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu...
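
The top message rests the protection of the plain-text credentials on the file's group and mode, so the installed Password.pm is worth auditing after every install or port upgrade. The following is an added example, not part of the thread or of DBIx::Password; the function name `audit_cred_file`, the optional expected-group argument and the constructed temp file are assumptions.

```shell
#!/bin/sh
# Added example: audit a plain-text credential store (such as an installed
# DBIx/Password.pm) against the group + non-world-readable model described
# in the message. audit_cred_file is a hypothetical helper name.

# audit_cred_file FILE [EXPECTED_GROUP]
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if missing.
audit_cred_file() {
    f=$1; want_group=${2:-}; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    # "find -perm -NNN" matches when every listed bit is set. It is POSIX,
    # so the same check works on CentOS and FreeBSD (stat's flags differ).
    for check in "004:world-readable" "002:world-writable" "020:group-writable"; do
        bits=${check%%:*}; label=${check#*:}
        if [ -n "$(find "$f" -prune -perm -"$bits" 2>/dev/null)" ]; then
            echo "$label: $f"; rc=1
        fi
    done
    # Optional: confirm the file belongs to the group that is meant to read it.
    if [ -n "$want_group" ] &&
       [ -z "$(find "$f" -prune -group "$want_group" 2>/dev/null)" ]; then
        echo "group is not $want_group: $f"; rc=1
    fi
    return $rc
}

# Demo on a constructed file standing in for the installed Password.pm.
demo=$(mktemp) && chmod 644 "$demo"
audit_cred_file "$demo" || echo "fix: chgrp <dbgroup> FILE && chmod 640 FILE"
rm -f "$demo"
```

Point it at the real module path on the host and pass the group the web server or application user belongs to as the second argument.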