Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #55362
| From | Νίκος Ακεξόπουλος <nikos.gr33k@gmail.com> |
|---|---|
| Newsgroups | comp.lang.python |
| Subject | Re: Can arbitrary code run in a server if someone's know just the MySQL password? |
| Date | 2013-10-02 20:06 +0300 |
| Organization | A noiseless patient Spider |
| Message-ID | <l2hjqf$u79$1@dont-email.me> (permalink) |
| References | <l2h31g$q96$1@dont-email.me> <524c1ee6$0$29984$c3e8da3$5496439d@news.astraweb.com> <l2h7qj$gqt$2@dont-email.me> <N9W2u.10684$eW3.6172@fx23.am4> <mailman.640.1380730392.18130.python-list@python.org> |
Στις 2/10/2013 6:13 μμ, ο/η Ravi Sahni έγραψε: > On Wed, Oct 2, 2013 at 8:04 PM, Alister <alister.ware@ntlworld.com> wrote: >> On Wed, 02 Oct 2013 16:41:40 +0300, Νίκος wrote: >> >>> Στις 2/10/2013 4:25 μμ, ο/η Steven D'Aprano έγραψε: >>>> On Wed, 02 Oct 2013 15:20:00 +0300, Νίκος wrote: >>>> >>>>> Is it possible for someone that knows the MYSQL password of a server >>>>> to run arbitrary code on a linux server? >>>> >>>> Yes, it is possible. >>> >>> Is that what might have happened and someone managed to upload the .html >>> file in '~/home/nikos/www/' ? >>> >>> Can you think of any other way? >> >> >> There are many other ways (i am not a hacker so i would not know whre to >> start) >> Against my better judgement I am going to give some advise (more to >> protect your customers than you) >> >> 1) tie down access to your server, nothing should be accessable from the >> internet unless absolutly necessary. >> certainly your database should not be accessible and this should be >> blocked in multiple ways (protection in depth) >> >> you should close down any un-necessary services. >> shut your firewall to all trafffix except http & https (ports 80 ,443) >> unless absolutely necessary. >> set your database accounts to only allow log in from localhost & and any >> explicit IP addresses that must have access >> >> & please google for further advise on server security & post questions in >> a suitable forum (not here) >> >> as many have said, security is not our area of expertise & this is the >> wrong place to ask. >> >> when correctly secured knowing your username & password should not be >> enough to allow access to your server. > > > Thank you Alister for ansering the needs of needy persons. > I am also needy. Please be kind to me as well: > > There is poverty and injustice in the world. Why?? I NEED to know > People suffer and die. How come? I MUST know > And there are morons... Why?? PLEASE TELL You are failing trying to mimic me. I have a reason when i ask because i did explanation for some matter. As for morons, yes they are lots of them in this world, including you trying to make fun out of this by impersonating me. You fail also as acting as a newbie, while you are a regular here. -- What is now proved was at first only imagined! & WebHost <http://superhost.gr>
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 15:20 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 14:37 +0200
Re: Can arbitrary code run in a server if someone's know just the MySQL password? feedthetroll@gmx.de - 2013-10-02 05:38 -0700
Re: Killing threads with TB (was: Can arbitrary code run in a server if someone's know just the MySQL password?) Tim Chase <python.list@tim.thechases.com> - 2013-10-02 08:21 -0500
Re: Killing threads with TB Terry Reedy <tjreedy@udel.edu> - 2013-10-02 18:34 -0400
Re: Killing threads with TB Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-02 23:48 +0100
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 13:25 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 16:41 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ned Batchelder <ned@nedbatchelder.com> - 2013-10-02 09:58 -0400
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 17:46 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? ishish <ishish@domhain.de> - 2013-10-02 15:55 +0100
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ned Batchelder <ned@nedbatchelder.com> - 2013-10-02 11:15 -0400
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Denis McMahon <denismfmcmahon@gmail.com> - 2013-10-02 16:02 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ethan Furman <ethan@stoneleaf.us> - 2013-10-02 09:59 -0700
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Alister <alister.ware@ntlworld.com> - 2013-10-02 14:34 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-02 20:43 +0530
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος Ακεξόπουλος <nikos.gr33k@gmail.com> - 2013-10-02 20:06 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 17:39 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος Αλεξόπουλος <nikos.gr33k@gmail.com> - 2013-10-02 21:02 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-10-02 20:02 -0400
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Tony the Tiger <tony@tiger.invalid> - 2013-10-04 15:19 -0500
csiph-web