Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New to the CF scene
    Join Date
    Aug 2013
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Changing MySQL Password

    Recently I gave a programmer access to the mysql for coding and queries. I plan on letting him go for some reasons. To take extra precaution is there a way to change the mysql password?
    I notice that if I change the password, then I have to go into every php file and change the password. Am I correct?
    That would be very tedious.
    What actions can I take?

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Changing the password is easy: http://dev.mysql.com/doc/refman/5.0/...-password.html. Of course, you didn't give the programmer your root password, so you could always just simply delete the limited account.
    You only have to change each file if the programmer hasn't a clue what they are doing. Otherwise, there should be one location in which you should have configuration data.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,023
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Quote Originally Posted by Fou-Lu View Post
    Of course, you didn't give the programmer your root password, so you could always just simply delete the limited account.
    Boy, are you an optimist, Fou-Lu! I'm giving 3 to 1 odds that indeed he not only gave the programmer the root password, but that is the username and password being used throughout the PHP code.
    You only have to change each file if the programmer hasn't a clue what they are doing. Otherwise, there should be one location in which you should have configuration data.
    And how many programmers have a clue to what they are doing?

    I'm giving 5 to 1 odds on this one. <grin/>
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #4
    New to the CF scene
    Join Date
    Aug 2013
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I had to give the programmer the username & password included int he php scripts because he had to add a few for queries and placeholders in the database.
    Should I not have given the username & password to him? How would he add php scripts then without the user& pass... Im not too familiar with mysql as you may notice...
    So is there a way to change this? What should I do next time?

  • #5
    New to the CF scene
    Join Date
    Aug 2013
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Let me say the user& pass isnt on all mysql files, but on some of them and I dont want to have to change every single php file he added it to.

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,023
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Quote Originally Posted by chargersrool View Post
    Let me say the user& pass isnt on all mysql files, but on some of them and I dont want to have to change every single php file he added it to.
    "on all my mysql files". HUH? What "files"? Why would mysql be using files?

    And if he hard coded the user name and password into any PHP files, then you have no choice but to go in and change all such uses.

    Should I not have given the username & password to him?
    You should not have given him the root username and password.

    You should have created a user *SPECIFICALLY* for use by PHP code. With that user's own password.

    But even if you had done that, if he hard coded them into the PHP files, then you have no choice now but to go change all of them.

    *****

    You know, with any kind of decent program editor, this should be a pretty simple task. You know what the old password is, right? So just do a search and replace in *ALL* files to change it to the new password. All good program editors I know of have a "replace in files" command that will do this in a few seconds. Even if you (foolishly) used a password that looks like a PHP variable name or such, the worst you would need to do would be to sit there and approve or deny each change as the editor found it.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #7
    New to the CF scene
    Join Date
    Aug 2013
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks for the tips,
    Let me clarify that I did not give him my root password. I didnt even create one. I just gave him the mysql database name and pass along with an FTP user I made for him. The FTP isnt the issue I just saw that there was another file other then the the config.php that had the database user and pass on it.

  • #8
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,023
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    My head hurts.

    How could he possibly TEST his code unless he had a valid username and password for MySQL??? I don't know where he got it from, but he *HAD* to have it. Period.

    And I still say, once he SAW that password, you have no choice but to (a) change it and (b) find all uses of it in the code and change them.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #9
    Super Moderator
    Join Date
    May 2005
    Location
    Southern tip of Silicon Valley
    Posts
    2,869
    Thanks
    2
    Thanked 163 Times in 158 Posts
    Maybe the root user account doesn't have a password which would allow anyone to access the database. That was the case at my job. My employer thought they were safe because it was a private network with multiple firewalls between the private and public networks. They quickly put passwords in place after I proved to them that anyone on the inside could access the databases.

  • Users who have thanked FishMonger for this post:

    chargersrool (08-24-2013)

  • #10
    New to the CF scene
    Join Date
    Aug 2013
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    My head hurts.

    How could he possibly TEST his code unless he had a valid username and password for MySQL??? I don't know where he got it from, but he *HAD* to have it. Period.

    And I still say, once he SAW that password, you have no choice but to (a) change it and (b) find all uses of it in the code and change them.

    I come to this forum with minimal experience in the mysql field, looking for help of course some arrogant asshole acts like everyone should know everything. (old pendant)

    If you have nothing good to say that will help me out, go find another nooby to scrutinize.

  • #11
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,023
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Look, if you don't like being told the FACTS and the TRUTH, then don't ask for answers.

    You said
    Let me clarify that I did not give him my root password. I didnt even create one. I just gave him the mysql database name and pass ...
    If you didn't give him the password, then why did you then turn around IN THE SAME SENTENCE and say you *DID* give him "name and pass"???

    And if you don't think I helped you, then it is because you are too stubborn to realize the truth. To wit, you now have NO CHOICE but to go find EVERY usage of name and password (and it doesn't matter if it is root user or some other user) in that PHP code and CHANGE them. Period.

    If you think I'm arrogant, then what the heck do you call yourself? You seem to want us to tell you that the world will work the way you want it to, not the way it really does. When you become god of the universe, then you can change things to work your own way.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •