db = MySQLdb.connect(host ="host",
user="user",
passwd="pass",
db="dbname")
q = db.cursor()
So, that's my code block, I was just wondering, how easy would this be to reverse engineer, and does mysqldb send authentications over cleartext?
I am creating a program that connects to a mySQL server over the internet, would someone be able to get my credentials?
Would someone be able to get my server login details?
The MySQL server could be configured to use SSL to secure the connection. See here for an example of using MySQLdb with an SSL connection and here for some info on configuring the server.
In your example above the username, password and all other data would be sent in cleartext.
Here are two related questions Python MySQLDB SSL Connection , CA SSL parameter for Python MySQLdb not working, but key does?
If you have access to change configure the MySQL server, we can help configure SSL.
MySQL supports encrypted connections. The MySQL server you are connecting to must be configured to use SSL and the client must add an SSL parameter when connecting.
Using SSL connections
shell> mysql --ssl-ca=ca-cert.pem ...
You can test if the server you are connecting to supports SSL my adding --ssl-ca=ca-cert.pem.
ca-cert.pem: Use this as the argument to --ssl-ca on the server and client sides. (The CA certificate, if used, must be the same on both sides.)
MySQL SSL Example describes the process from setting up MySQL for and connecting with SSL.
Passwords shouldn't be hardcoded in the code. Python has the convention of a config.py module, where you can keep such values separate from the rest of your code.
Please have a look here:
http://dev.mysql.com/doc/refman/5.5/en/connector-python-coding.html
The question regarding SSL to prevent disclosure has been answered above.
Fabio
#fcerullo
Related
I'm using oracledb library as the cx_oracle is not working now, using the command oracledb.connect(), and it always gives error
here is my code:
connection = oracledb.connect(
user='myusername',
password='mypassword',
dsn='xx.xx.xxx.xxx:portnumber/dsnname')
print("Successfully connected to Oracle Database")
oracledb.exceptions.OperationalError: DPY-6000: cannot connect to database. Listener refused connection. (Similar to ORA-12660)
and if I set the parameters like this
connection = oracledb.connect(
user='myusername',
password='mypassword',
dsn='xx.xx.xxx.xxx:portnumber:dsnname')
print("Successfully connected to Oracle Database")
it returns error
oracledb.exceptions.DatabaseError: DPY-4027: no configuration directory to search for tnsnames.ora
the database administrator approved the variables are correct and we are using thin client which is the default in the code parameters so I don't know what is making the problem?
The error (ORA-12660) indicates that you have encryption or checksumming parameters set on the database. These are set up in the server side sqlnet.ora and look something like this:
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.CRYPTO_CHECKSUM_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256,AES192,AES128)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1)
SQLNET.ENCRYPTION_CLIENT=REQUIRED
SQLNET.CRYPTO_CHECKSUM_CLIENT=REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256,AES192,AES128)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA1)
This has been noted in the documentation. Your only option is to either disable the server requirement for native network encryption (NNE) or enable thick mode (which works the same way as cx_Oracle).
You can follow along with this enhancement request to see when NNE support is added to thin mode.
I'm trying to connect to Amazon RDS Postgresql database with this python code
import psycopg2
engine = psycopg2.connect(
database="vietop2database",
user="postgres",
password="07041999",
host="vietop2.cf4afg8yq42c.us-east-1.rds.amazonaws.com",
port='5433'
)
cursor = engine.cursor()
print('opened database successfully')
I encountered an error:
could not connect to server: Connection timed out
Is the server running on host "vietop2.cf4afg8yq42c.us-east-1.rds.amazonaws.com" (54.161.159.194) and accepting
TCP/IP connections on port 5433?
I consulted this trouble shooting on amazon and I already make sure the DB instance's public accessibility is set to Yes to allow external connections. I also changed port to 5433 and set VPC security to default. Yet, I fail to connect to the database. What might be the reasons? Please help me. Thank you very much
Below are the database connectivity and configuration information
I found the answer. I need to add new inbound rule allowing all traffic of IPv4 type
I have a postgres database running on a digital ocean server. The database is protected by a firewall and ssl root certificate, I add the Outbound addresses provided by the Azure Function App to the database firewall and I am passing the certificate through the connection string.
pg_conn = psycopg2.connect(host= os.environ.get("PG_HOST"),database= os.environ.get("PG_DB"), user=os.environ.get("PG_USER"), password=os.environ.get("PG_PASSWORD"), port=os.environ.get("PG_PORT"), sslmode='require', sslrootcert = r'my-proyect/certificate.crt' )
But when I upload my function to the cloud the connection sends a timeout
Connection timed out Is the server running on that host and accepting TCP/IP connections?
As per my knowledge, A connection time-out error is typically due to connectivity issues or networking issues.
Firewall if not allowing the access to the port number which application has.
Here is the tool for troubleshooting these sort of issues is portgry
portqry -n [hostname] -e [port number]
you can even add applications to Trusted Resources in Postgry SQL
Here is the document which has complete information about connection time out error.
I used sqlalchemy to connect to the oracle server from python.
(cx_oracle installation and oracle instant client setup are completed.)
The code I used is as follows:
(I used the ip address instead of the hostname. The ip address is a sample value.)
engine = create_engine('oracle://scott:tiger#123.234.345.567:1521/sidname')
q = engine.execute(test_query)
q.fetchone()
But I got the error like below.
sqlalchemy.exc.DatabaseError: (cx_Oracle.DatabaseError) ORA-24454: client host name is not set
I didn't use hostname, but I don't know why this error occurred.
Shouldn't I use the ip address?
Is there a solution?
That error is about the configuration of the machine you are running SQLAlchemy on, not the syntax you are using. Using an IP address is OK.
Typically Linux users update /etc/hosts and add a hostname for the loopback address. If you update your question with system information, we can help more.
I previously wrote my app using local development servers, and now that I have moved it onto an openshift small gear almost all works except for mysql connections.
In my code I have the line:
self.db = MySQLdb.connect(host, username, password, dbname)
When I review the openshift error log, the following error is reported:
_mysql_exceptions.OperationalError: (2002, "Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)")
I think that python is trying to connect using a UNIX socket as opposed to an INET one, but I'm not sure how to change this behavior. Any help is much appreciated.
Not specific to MySQLdb: if you use localhost as hostname, a MySQL client using the MySQL C libraries will try to connect using UNIX socket (or named pipe on Windows). There are 2 ways around this, but you'll need to grant extra permissions to make it work for both:
Use IP address 127.0.0.1
Use IP address 127.0.0.1 instead of the localhost hostname. This will make MySQL client connect using TCP/IP.
Use option files
The other way is to force the protocol using using option files. For example, in your ~/.my.cnf (or any file you want), add the following:
[python]
protocol=tcp
Now use the connection arguments to read the option file and group:
import MySQLdb
cnx = MySQLdb.connect(host='localhost', user='scott', passwd='tiger',
read_default_file='~/.my.cnf',
read_default_group='python')
The group name does not need to be python, but it is good not to use mysql or client as it might interfere with other MySQL tools (unless you want that of course).
For setting up permissions, you'll need to use the IP address of localhost, something like:
mysql> GRANT SELECT TO yourdb.* TO 'scott'#'127.0.0.1' IDENTIFIED BY ...;
(Site note: MySQL database drivers such as MySQL Connector/Python do not consider localhost to be special and connect through TCP/IP right away and you have to explicitly use the unix_socket.)
As I later discovered, while the database server runs on localhost, it runs on a very specific localhost bind address. In my case it was an address that I would never have though to try if I hadn't noticed how phpmyadmin was connecting.