Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #55320
| Path | csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <antoon.pardon@rece.vub.ac.be> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.032 |
| X-Spam-Evidence | '*H*': 0.94; '*S*': 0.00; 'board.': 0.05; 'received:134': 0.05; 'retrieved': 0.05; 'subject:password': 0.05; 'only,': 0.07; 'subject:code': 0.07; 'utilizing': 0.09; 'python': 0.11; 'question.': 0.14; '==========': 0.16; 'code?': 0.16; 'subject: \n ': 0.16; 'subject:run': 0.16; 'trying': 0.19; 'example': 0.22; 'shell': 0.22; 'header:User-Agent:1': 0.23; 'please?': 0.24; 'question': 0.24; 'login': 0.25; 'somewhere': 0.26; 'asking': 0.27; 'header:In-Reply-To:1': 0.27; 'possibility': 0.29; 'tim': 0.29; "i'm": 0.30; 'code': 0.31; 'comments': 0.31; 'too.': 0.31; 'file': 0.32; 'figure': 0.32; 'run': 0.32; 'linux': 0.33; 'subject:the': 0.34; 'could': 0.34; 'display': 0.35; 'knows': 0.35; 'there': 0.35; 'replies': 0.36; 'possible': 0.36; 'subject:?': 0.36; 'list': 0.37; 'list.': 0.37; 'being': 0.38; 'server': 0.38; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'system.': 0.39; 'how': 0.40; 'commands': 0.60; 'subject:Can': 0.60; 'course': 0.61; "you're": 0.61; 'personal': 0.63; 'more': 0.64; 'chance': 0.65; 'account': 0.65; 'kept': 0.65; 'details': 0.65; 'due': 0.66; 'said:': 0.68; 'gain': 0.79; 'locked': 0.84; 'pardon': 0.84; 'subject:know': 0.84; 'unaware': 0.84; 'serious': 0.97 |
| X-IronPort-Anti-Spam-Filtered | true |
| X-IronPort-Anti-Spam-Result | AqEEAEcTTFKGuA9G/2dsb2JhbABQCIc6unGCe4EugxoBBSMPATkKAhEJAhoCBQwBAQEHCwICCQMCAQIBRRMIAogCjzWbVokpiROBKYxrgQo6CggBAwKCUoE5A5d/hh+LXIFmgUCBaAcXgRw |
| Date | Wed, 02 Oct 2013 14:37:58 +0200 |
| From | Antoon Pardon <antoon.pardon@rece.vub.ac.be> |
| User-Agent | Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20130116 Icedove/10.0.12 |
| MIME-Version | 1.0 |
| To | python-list@python.org |
| Subject | Re: Can arbitrary code run in a server if someone's know just the MySQL password? |
| References | <l2h31g$q96$1@dont-email.me> |
| In-Reply-To | <l2h31g$q96$1@dont-email.me> |
| Content-Type | text/plain; charset=UTF-8 |
| Content-Transfer-Encoding | 8bit |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.620.1380717480.18130.python-list@python.org> (permalink) |
| Lines | 37 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1380717480 news.xs4all.nl 15978 [2001:888:2000:d::a6]:58769 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:55320 |
Show key headers only | View raw
Op 02-10-13 14:20, Νίκος schreef: > Tim delaney said: > > "Because there's no chance with the brilliance you display that there > could be any possibility of login details being kept in plaintext in > your database. > > And of course your database is so well locked down that no attacker with > a login to it could then execute arbitrary code on your system. > > And there's also zero chance that your personal account login details > are also available in plaintext somewhere that you're unaware of." > ========== > > Is it possible for someone that knows the MYSQL password of a server to > run arbitrary code on a linux server? > > Okey he uses the password and he gain access to the databases, then > what? MySQL is a database server how can he run run arbitrary shell > commands by using MySQL? > > If yes, can you give an example please? > > Also, is there a chance for my account's password to be retrieved on > some why due to MySQL access or perhaps by utilizing my own python code? > > I'm just trying to figure out how the upload of that .html file happened > to '/home/nikos/public_html'. I need a theory and Zero Piraeus to answer > too. > > Please, serious replies only, i won't answer to ironic comments or jokes. You are not asking a python question. This is a python list. Not a Nikos advise board. Find a list where your question is more appropiate. -- Antoon Pardon
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 15:20 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Antoon Pardon <antoon.pardon@rece.vub.ac.be> - 2013-10-02 14:37 +0200
Re: Can arbitrary code run in a server if someone's know just the MySQL password? feedthetroll@gmx.de - 2013-10-02 05:38 -0700
Re: Killing threads with TB (was: Can arbitrary code run in a server if someone's know just the MySQL password?) Tim Chase <python.list@tim.thechases.com> - 2013-10-02 08:21 -0500
Re: Killing threads with TB Terry Reedy <tjreedy@udel.edu> - 2013-10-02 18:34 -0400
Re: Killing threads with TB Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-10-02 23:48 +0100
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 13:25 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 16:41 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ned Batchelder <ned@nedbatchelder.com> - 2013-10-02 09:58 -0400
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος <nikos.gr33k@gmail.com> - 2013-10-02 17:46 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? ishish <ishish@domhain.de> - 2013-10-02 15:55 +0100
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ned Batchelder <ned@nedbatchelder.com> - 2013-10-02 11:15 -0400
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Denis McMahon <denismfmcmahon@gmail.com> - 2013-10-02 16:02 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ethan Furman <ethan@stoneleaf.us> - 2013-10-02 09:59 -0700
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Alister <alister.ware@ntlworld.com> - 2013-10-02 14:34 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Ravi Sahni <ganeshsahni07@gmail.com> - 2013-10-02 20:43 +0530
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος Ακεξόπουλος <nikos.gr33k@gmail.com> - 2013-10-02 20:06 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-10-02 17:39 +0000
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Νίκος Αλεξόπουλος <nikos.gr33k@gmail.com> - 2013-10-02 21:02 +0300
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-10-02 20:02 -0400
Re: Can arbitrary code run in a server if someone's know just the MySQL password? Tony the Tiger <tony@tiger.invalid> - 2013-10-04 15:19 -0500
csiph-web