Menu
▾
▴
Re: [Slashcode-general] DBIx-Password: Access denied for virtual user to database
|
From: Marc G. F. <sc...@hu...> - 2011-02-15 05:23:11
|
On Mon, 14 Feb 2011, Jamie McCarthy wrote: > It's not security through obscurity. Its cpan install directs you to > change the module's group, probably its owner, and set it > non-world-readable. It essentially is a way of bouncing mysql permission > issues up to the filesystem's security model, and it acts as a > convenient "address book" for your mysql users+passwords too. Sad thing is that its most likely more then most ppl will ever do / know ... hell, until George mentione issues and I looked into it, I didn't even know what file was written / created ... now, in my case, this seems to be an issue with the FreeBSD ports system hiding htis informaiton, but I don't recall any messages about permissions or what not :( But, that still doesn't address the issue that you are limited to a system where you can have but one username per database, unless I've missed something ... ? Now, from what I can tell, is it easy to add more databases, as each time you do a 'make install', it will re-gen the file, overwriting anything that was set before, you have to know / remember to re-add any of the old usernames ... or am I mistaken on t his? Slashcode has, IMHO, a relatively nice install system where you can install multiple sites from one installation directory ... but I cannot easily add a new username for a new site nearly as easy :( > > -- > Jamie McCarthy > jmc...@th... > ja...@mc... > 269-267-2008 > > > On Feb 14, 2011, at 6:23 PM, "Marc G. Fournier" <sc...@hu...> wrote: > >> >> Huh? When I install p5-DBIx-Password under FreeBSD. that is part of the >> install process ... which I think is one of hte most annoying perl modules >> as I've never been able to figure out how to "add users" without having to >> re-install the port ... >> >> But, looking at exactly what DBIx-Password is all about, this should be >> one of the easiest things to get rid of ... all it does is saves having ot >> create a db.conf file (or whatever we call it) to store userid/passwds in >> ... >> >> The funny thing is that it really is one of those 'security by obscurity' >> kinda things, as everything is stored plain text in the file: >> >> /usr/local/lib/perl5/./site_perl/5.10.1/DBIx/Password.pm >> >> But, there is one flaw in that module, which, altho not huge, can be >> annoying ... you can't have the same user connecting to different >> databases ... eerything is keyedd on teh username itself, so for each >> database, you literally need a distinct username ... >> >> I'll look into removing that requirement ... slowly figuring out how all >> this code works :) >> >> On Mon, 14 Feb 2011, George Taft wrote: >> >>> Whoa. I have to create a Password.pm file? That's not in the instructions. >>> What's the file for? Where does it go? >>> >>> On Mon, Feb 14, 2011 at 5:18 PM, Shane Zatezalo <sh...@lo...> wrote: >>> it's probably failing because you've not setup your Password.pm >>> file yet. >>> Create that, make install it, and I betcha it passes. >>> >>> On Feb 14, 2011, at 3:55 PM, Marc G. Fournier wrote: >>> >>>> >>>> What I'd be curious to know is why the test failed ... which test? >>> Can >>>> you download the source code from CPAN and do a build/install? >>>> >>>> MARCLANG/ParallelUserAgent-2.57.tar.gz : make_test NO >>>> >>>> Its the same version that I have installed here ... >>>> >>>> On Mon, 14 Feb 2011, George Taft wrote: >>>> >>>>> While this is not a verbatim log of my effort to install under >>> CentOS, it's >>>>> a list of the commands I issued. Finally at the bottom are the >>> errors I >>>>> encountered. Reissuing the MySQL commands seemed to fix the first >>> problem, >>>>> but the second still stands. == George >>>>> >>>>> yum update >>>>> >>>>> yum install make >>>>> >>>>> yum install lynx >>>>> >>>>> yum install gcc >>>>> >>>>> yum remove perl >>>>> >>>>> lynx http://www.cpan.org/src/stable.tar.gz >>>>> >>>>> cd /tmp/perl[dir] >>>>> >>>>> sh Configure -de >>>>> >>>>> make >>>>> >>>>> make test >>>>> >>>>> make install >>>>> >>>>> >>>>> yum install mysql-server >>>>> >>>>> /sbin/chkconfig --levels 235 mysqld on >>>>> >>>>> yum install mysql-devel # what about "mysql-client" >>>>> that misterorange.com refers to? it doesn't seem to exist any >>>>> more. Is this step still necessary? >>>>> >>>>> >>>>> mysql.i386 0:5.0.77-4.el5_5.4 >>>>> >>>>> >>>>> nano /etc/my.cnf [add "timezone=GMT" to end of file] >>>>> >>>>> >>>>> service mysqld start >>>>> >>>>> mysql >>>>> >>>>> create database xlash; >>>>> >>>>> grant select, insert, update, delete, lock tables, create, >>>>> drop, index, alter on slash.* to 'xlash'@'localhost' >>> identified >>>>> by 'haxlash'; >>>>> >>>>> grant process on *.* to 'xlash'@'localhost' identified by >>>>> 'haxlash'; >>>>> >>>>> >>>>> /usr/local/bin/perl -MCPAN -e "install q{LWP}" >>>>> >>>>> >>>>> lynx >>> http://mirrors.axint.net/apache//httpd/apache_1.3.42.tar.gz >>>>> >>>>> cd /tmp; tar -xvzf >>>>> >>>>> >>>>> lynx http://perl.apache.org/dist/mod_perl-1.31.tar.gz >>>>> >>>>> >>>>> perl Makefile.PL apache_src=/tmp/apache_1.3.42/src/ do_httpd=1 >>>>> use_apaci=1 perl_mark_where=1 everything=1 >>>>> apache_prefix=/usr/local/apache >>>>> >>>>> make >>>>> >>>>> make test >>>>> >>>>> make install >>>>> >>>>> >>>>> yum install zlib-devel [already installed] >>>>> >>>>> yum install openssl-devel [already installed] >>>>> >>>>> yum install perl [already installed] >>>>> >>>>> yum install cpio [already installed] >>>>> >>>>> yum install expat-devel >>>>> >>>>> yum install gettext-devel >>>>> >>>>> >>>>> rpm-Uvh >>> http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noa >>>>> rch.rpm >>>>> >>>>> yum repolist [should show EPEL repo] >>>>> >>>>> yum install git git-daemon >>>>> >>>>> git clone git://github.com/lottadot/haxlash.git haxlash >>>>> >>>>> cd haxlash >>>>> >>>>> git checkout HEAD >>>>> >>>>> >>>>> cpan >>>>> >>>>> install Bundle::CPAN >>>>> >>>>> quit >>>>> >>>>> cpan >>>>> >>>>> install Bundle::LWP >>>>> >>>>> >>>>> install Bundle::Slash [again] >>>>> >>>>> >>>>> Failed during this command: >>>>> KROW/DBIx-Password-1.9.tar.gz : make_test NO >>>>> MARCLANG/ParallelUserAgent-2.57.tar.gz : make_test NO >>>>> >>>>> >>>>> DBI connect('database=xlash;host=localhost','xlash',...) >>> failed: >>>>> Access denied for user 'xlash'@'localhost' to database 'xlash' >>>>> at blib/lib/DBIx/Password.pm line 31 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Mon, Feb 14, 2011 at 12:05 PM, Marc G. Fournier >>> <sc...@hu...> wrote: >>>>> On Mon, 14 Feb 2011, Jamie McCarthy wrote: >>>>> >>>>>> On Feb 14, 2011, at 10:32 AM, Marc G. Fournier wrote: >>>>>> >>>>>>> On Mon, 14 Feb 2011, George Taft wrote: >>>>>>> >>>>>>>> I've tried, and it still fails, just like it does at Perl >>>>> Monks: >>>>>>>> <http://www.perlmonks.org/bare/?node_id=758739>. I wouldn't >>>>> know how to >>>>>>>> write/install a replacement for the functionality of >>>>> ParallelUA >>>>>> >>>>>> FWIW... >>>>>> >>>>>> LWP::UserAgent::Parallel is only used by checkForOpenProxy(). >>>>> That's the >>>>>> function that scans a few common HTTP proxy ports on the >>>>> current user's >>>>>> IP address to see if that IP is running an open proxy, and if >>>>> so, limits >>>>>> access in some way. As I recall, you can't post anonymously >>>>> from a proxy >>>>>> or something like that. >>>>>> >>>>>> It's been moderately-helpful on Slashdot, but it's not an >>>>> absolute >>>>>> necessity or anything. If you want, strip out that function >>>>> and calls to >>>>>> it, delete Slash::Custom::ParUserAgent, and remove L::U::P >>>>> from the list >>>>>> of install requirements. >>>>> >>>>> Since I know it is working, rather try and debug it and keep the >>>>> functinality :) >>>>> >>>>> ---- >>>>> Marc G. Fournier Hub.Org Hosting Solutions >>> S.A. >>>>> sc...@hu... >>> http://www.hub.org >>>>> >>>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664 >>> MSN:sc...@hu... >>>>> >>>>> --------------------------------------------------------------------------- >>> >>>>> --- >>>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel >>> Studio >>>>> XE: >>>>> Pinpoint memory and threading errors before they happen. >>>>> Find and fix more than 250 security defects in the development >>> cycle. >>>>> Locate bottlenecks in serial and parallel code that limit >>> performance. >>>>> http://p.sf.net/sfu/intel-dev2devfeb >>>>> _______________________________________________ >>>>> Slashcode-general mailing list >>>>> Sla...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/slashcode-general >>>>> >>>>> >>>>> >>>>> >>>> >>>> ---- >>>> Marc G. Fournier Hub.Org Hosting Solutions >>> S.A. >>>> sc...@hu... >>> http://www.hub.org >>>> >>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664 >>> MSN:sc...@hu... >>>> >>>> --------------------------------------------------------------------------- >>> --- >>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel >>> Studio XE: >>>> Pinpoint memory and threading errors before they happen. >>>> Find and fix more than 250 security defects in the development >>> cycle. >>>> Locate bottlenecks in serial and parallel code that limit >>> performance. >>>> http://p.sf.net/sfu/intel-dev2devfeb >>>> _______________________________________________ >>>> Slashcode-general mailing list >>>> Sla...@li... >>>> https://lists.sourceforge.net/lists/listinfo/slashcode-general >>> >>> >>> >>> >> >> ---- >> Marc G. Fournier Hub.Org Hosting Solutions S.A. >> sc...@hu... http://www.hub.org >> >> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu... >> >> ------------------------------------------------------------------------------ >> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: >> Pinpoint memory and threading errors before they happen. >> Find and fix more than 250 security defects in the development cycle. >> Locate bottlenecks in serial and parallel code that limit performance. >> http://p.sf.net/sfu/intel-dev2devfeb >> _______________________________________________ >> Slashcode-general mailing list >> Sla...@li... >> https://lists.sourceforge.net/lists/listinfo/slashcode-general > ---- Marc G. Fournier Hub.Org Hosting Solutions S.A. sc...@hu... http://www.hub.org Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu... |
