LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-22-2010, 01:44 AM   #1
puppymagic
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 63

Rep: Reputation: 4
Red face Accessing and viewing information in a database without a login/password?


Is that ever possible?

I mean, isn't that exactly how normal home users can visit search engines such as Google or Bing and search for information?
 
Old 03-22-2010, 01:48 AM   #2
Sayan Acharjee
Member
 
Registered: Feb 2010
Location: Chennai, India
Distribution: Manjaro
Posts: 616

Rep: Reputation: 64
That is possible actually, with sql injection attack technique someone can break into your database:
http://www.unixwiz.net/techtips/sql-injection.html
 
Old 03-22-2010, 01:48 AM   #3
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
I still am not sure what you mean or want to say. Connecting to a database using some client will always need a username and password. Not all databases are password protected but will still need user name. But I do not understand what you are trying to compare with Google or Bing?
 
Old 03-22-2010, 06:02 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Just because an interface doesn't ask you for a user & password, doesn't mean it's it's not using them in the background ... or an equiv like ssh auth key or ssl cert ...
 
Old 03-22-2010, 09:14 AM   #5
puppymagic
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 63

Original Poster
Rep: Reputation: 4
Thanks, chrism!! You are about the closest to the answer I was hoping for....

Then could you briefly tell me what happens when a user visits Google and searches for and views information stored in Google?
 
Old 03-22-2010, 09:43 AM   #6
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,363

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by sayan_acharjee View Post
That is possible actually, with sql injection attack technique someone can break into your database:
http://www.unixwiz.net/techtips/sql-injection.html
Nice guide..
 
Old 03-22-2010, 04:13 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,357

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
A web page actually accesses the database not the users.

A user could authenticate by a number of ways. One might be making a self signed certificate and using it but there are other ways too.
 
Old 03-22-2010, 06:58 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
One way is you give the Apache user access rights to database content and hardcode the username/passwd in the program. You could put them in a cfg file and have the prog read them (better imho).
For programs that run independently, you could supply them on the cmd line. There's an awful lot of processing that goes on in the real business world that has nothing to do with a webserver or end users generally: think billing for a start. I've written loads of programs like that.
You can encrypt the cfg files, but that makes it more of a pain if you need to change the values.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to make my linux database use linux login/password info cknorr Linux - Software 2 09-02-2009 01:21 PM
LXer: CLI Magic: Viewing system information LXer Syndicated Linux News 0 01-08-2008 08:41 PM
Lost Login and Password Information on an Old Computer rcp3w Red Hat 2 01-07-2005 12:57 AM
accessing system calls information netwizio Programming 4 02-18-2004 12:53 AM
viewing my password brandonAd Linux - Newbie 7 08-12-2003 11:52 AM


All times are GMT -5. The time now is 09:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration