
new kick at the cat

Posted: Sat Aug 06, 2016 7:53 am
by Vegan
Config files have changed with Ubuntu 16.04, which made it harder than necessary to operate a web appliance.

https://hardcoregames.azurewebsites.net/?p=29892

I have a draft for another document on bolting on storage, but I am now going to use the basic A0 box to attempt to get a MySQL server up and on the internet so I can use that

I run 2 sites, so I installed the local console in addition to the server, this way I can manually make SQL commands

Now that I can log in, the permissions are needed for each site, one is obviously my gaming site, the other is my vegan site

Now for security, I think permissions should be restricted to *azurewebsites.net on principle so that hackers and spammers cannot attack my server as easily?

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%.example.com' IDENTIFIED BY 'some_characters' WITH GRANT OPTION; FLUSH PRIVILEGES;

is obviously not what I want, I wanted to have specific user/password for each site, I may up a new site or 2 over time

but the idea I want is a new database with user and password, and if possible hard coded to the URL of the web site so that it's as secure as possible?

what I was thinking is

GRANT ALL PRIVILEGES ON *.* TO 'siteuser'@'%.azurewebsites.net' IDENTIFIED BY 'secure password' WITH GRANT OPTION; FLUSH PRIVILEGES;

so how can I manually add a user to the database?

CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';

is the main idea, but I want to generate secure passwords for the sites so that hackers cannot spam my site etc.

keep in mind all database uses are remote in the cloud but locatable by URL

Re: new kick at the cat

Posted: Sat Aug 06, 2016 11:25 am
by Vegan
managed to get the databases created ok, users are created ok

got a warning with GRANT so I am not sure what is wrong with that, references are still obsolete

Re: new kick at the cat

Posted: Sat Aug 06, 2016 2:29 pm
by requinix
Never use root in your code.

Code:

GRANT SELECT,INSERT,UPDATE ON database.* TO 'username'@'host' IDENTIFIED BY 'whatever password'

If your user needs anything more than those three actions then include them. It probably doesn't need all databases so just grant privileges on the one(s) it needs.
"host" should be as restrictive as possible. "whatever password" can be whatever password.

Revoke privileges and possibly delete users that you don't need.
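
One way to script what this thread is after (one database and one limited account per site, each with a generated password), as an added example that is not part of the original posts. The database and user names are hypothetical, and it assumes a MySQL version where CREATE USER and GRANT are issued as separate statements.

```python
import re
import secrets
import string

# Constructed sample sites: the database and user names are hypothetical;
# the host pattern is the one proposed in the first post.
SITES = [
    {"db": "gaming", "user": "gaming_app", "host": "%.azurewebsites.net"},
    {"db": "vegan", "user": "vegan_app", "host": "%.azurewebsites.net"},
]
PRIVS = ("SELECT", "INSERT", "UPDATE")  # the three actions from the reply above
ALLOWED_PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE"}
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")
HOST = re.compile(r"[A-Za-z0-9.%_-]{1,60}")
ALPHABET = string.ascii_letters + string.digits  # nothing that needs SQL escaping


def make_password(length=32):
    """Random password from the OS CSPRNG (about 190 bits at 32 characters)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def provision(site, privs=PRIVS):
    """Return (password, [SQL statements]) for one site's database and account."""
    db, user, host = site["db"], site["user"], site["host"]
    # Names are interpolated into SQL, so accept plain identifiers only.
    if not (IDENT.fullmatch(db) and IDENT.fullmatch(user)):
        raise ValueError("database and user names must be plain identifiers")
    if not HOST.fullmatch(host) or host == "%":
        raise ValueError("host must be a restricted pattern, not a bare %")
    if user == "root" or not privs or not set(privs) <= ALLOWED_PRIVS:
        raise ValueError("no root account and no privileges beyond plain DML")
    password = make_password()
    return password, [
        f"CREATE DATABASE IF NOT EXISTS `{db}`;",
        f"CREATE USER '{user}'@'{host}' IDENTIFIED BY '{password}';",
        f"GRANT {', '.join(privs)} ON `{db}`.* TO '{user}'@'{host}';",
        f"SHOW GRANTS FOR '{user}'@'{host}';",  # review what was actually granted
    ]


if __name__ == "__main__":
    for site in SITES:
        pw, statements = provision(site)
        print("\n".join(statements), end="\n\n")
```

MySQL matches a host pattern such as `%.azurewebsites.net` against the name it resolves for the connecting address, so run `SELECT USER(), CURRENT_USER();` from the site to see the client host the server saw and the account it matched.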

Re: new kick at the cat

Posted: Sat Aug 06, 2016 3:13 pm
by Vegan
ran into a new problem, cannot seem to connect to the server

checked everything I could, wonder what has it gimmicked now to block open access

Re: new kick at the cat

Posted: Sat Aug 06, 2016 7:05 pm
by requinix
If you don't get any error messages then there's a firewall problem. But I imagine you may have accidentally changed or removed a user that you needed. Connect as root and

Code:

SELECT user,host,password FROM mysql.user

see what users there are.

Re: new kick at the cat

Posted: Sat Aug 06, 2016 9:36 pm
by Vegan
sql says user accounts are % for both sites

looked at the usual suspects for firewalls, Linux said they were not even running

ufw is disabled

Re: new kick at the cat

Posted: Sat Aug 06, 2016 9:55 pm
by Vegan
found the problem, it was Azure that was firewalling me, created a rule for 3306 and the Chrome SQL admin was able to log on