My question is simple: How can a person access my database in production if he knows my password? I know that it can be done, because otherwise you wouldn’t have to set a password for it, but I really want to know how.
Also, if someone knows the password for my database, can he execute all queries to my database (not only SELECT, but also the ones that alter the database)?
Your database is on a server, a computer just like any other. It has a MAC address, probably a NIC, and most importantly, an IP address.
If you’ve ever used Windows’ remote connection utility, you are asked for the IP address of the computer, and the login credentials for the user’s account. From there, you’d open the database management system (which is simply an application running on the computer), and once you’ve entered the database, it’s just sitting there. Just like it does for you.
The process of deleting all of your hard work, for an attacker, includes the exact same steps you would take! Pick a good password, and don’t store any sensitive information in any public-facing directories on the server!