MySQL Forums: Security

Hi,

The MySQL 5.5 Reference Manual says that "The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default". Does this mean that performance for all connections to an SSL enabled MySQL 5.5.20 server will be affected or only those connections that choose to use SSL?

Thank you.

I'm pushing for use of MySQL where RDMS choices are considered. The sole argument against it is the possibility for clients to set a connection's SQL_mode regardless of the server-side setting.

What are the possibilities of eliminating this problem apart from setting up a MySQL Proxy filtering out sql_mode changes? I try to avoid Proxy since it doesn't support SSL connections, which in turn would force devs (and sysadmins) to use ssh accounts to talk to the server securely.

Forgot Windows admin password? Three available solutions!

1.Use the built-in administrator account which you can logon without password in safe mode.It was built when you install your system and its password default as blank.
Press ctrl+alt+delete twice in the welcome screen and you can see a classical logon dialog box,type administrator and press Enter.Or you can press F8 when you start/restart your computer to select start from safe mode.

2.Use a password reset disk If you have created ever.Of course it must be created for your current password.You can find a prompt when you input a false password in the welcome screen.Clik it and follow the guide:how to create Windows password reset disk.

3.If the two methods above cannot help you,you can find a recovery tool.As far as I know, there are many password tools on the network, but I have used is "Windows password rescuer personal/professional/advanced " ,it is simple and safe that the average person will use it. It can soon reset the password in several minutes.Only four steps can help you reset the lost Windows password:

Step 1: Download Windows Password Rescuer and install it to another computer.

Windows Password Rescuer Professional free download.

Step 2: Run it and burn it to a bootable CD/DVD or USB flash drive.Before this confirm that you have insert a blank bootable CD/DVD or USB.



Step 3: BIOS setting:Setup your own computer boot from CD or USB.Press F2 or DELETE when you start/restart your PC to get into the BIOS SETUP list.



Use arrow keys to select boot manu,and use +/- key to move the CD/DVD or USB option to the first site.



Then inset the CD/DVD or USB you have just created for recovering password. Press F10 to save and exit.



Step 4: Reset Windows password: Wait for a moment,it will display friendly operate window,and you can reset whichever password on it.



More details: Recover Windows 2000/XP/VISTA/WIN7 password with Windows Password Rescuer Personal/Professional/Advanced

Hi,

I am looking for configuring password lockout policy inside the MYSQL, without using the PHP.

Any hints or suggestions that could be helpful.

Thanks

It is truly very often for us to meet the password problem, sometimes we would forgot windows password or lost windows password, and could not login windows system and make a big trouble. At this time, you would hope to find a way to reset and recover the forgotten password.
Actually, a lot of methods are available to recover or reset the Windows password. But most of them are designed for PC experts, not common PC users, those solutions are too complicated to get it work for us. And in this article, I will show you a professional software tool which could help you to reset forgotten windows password easily.

Total Windows Password Reset is powerful password recovery software to reset Windows login password for you to access Windows OS without reinstalling the OS when you forgot windows password or lost windows password. It could remove windows password and set the password to blank. Just boot from the program CD/DVD or USB flash drive, choose the account you wish to reset and all will be done. It is not a method to crack or bypass windows password, just remove or delete windows password and set it to blank so you could login windows to set new password.Below is the guide of how to reset windows password with this software, only 3 steps are needed to reset windows 7/Vista/XP/2003 password:

Step 1: Download the setup file of Total Windows Password Reset on the official website:
http://www.resetwindowspassword.net
And install it on another PC. Then you could startup the password recovery software to prepare the bootable disc.


Step 2: Burn the windows password recovery bootable CD/DVD or USB disc with the software.
Now, you may select “Burn DVD/CD Disc” or “Use USB Disc”. If you select first method, you need to have a blank CDR/DVDR disk, a COMBO or DVDRW drive on the PC. If you select to use USB disc, you just need to pay attention: This USB devices would be formatted, so you must make sure to back up all the data before use it. And the maximum capacity of the USB devices cannot exceed 2G.Tips: We recommend you to use the DVD/CD method to do the windows password reset, because some computers may not support USB start-up.

Step 3: how to burn the CD/DVD
1.Launch Total Windows Password Reset main window, Click “Burn DVD/CD Disc” button.
2.In BurnCC’s main window, click “Browse” button and in the open window, locate the file “TWPR.iso” on your desktop, select it and click on Open to get back to the main window. Then, click “Start” button.

3.Your DVD drive should open and insert a blank CD-R or DVD-R disc into the drive and close it. Click “OK” button. Your CD will be burned in a few minutes.
Tips: if there is already a CD/DVD disc in the drive before run the software, the CD drive will open automatically. Please close it again. The process will be continuing. And you could also select UCB as boot disk, and you could visit the website to get more information and tutorials.

Step 4: Boot your PC with the burned CD/DVD or USB disc to reset windows password.
You need to insert the Created CD/DVD or USB drive into the optional drive of the locked computer and reboot it.
Tips:It your computer still boots from hard drive Windows OS, it's necessary for you to change your COMS or BIOS settings to make it boot from CD/DVD or USB drive. If you don't know how to set it, you may visit the official website:http://www.resetwindowspassword.net or contact the computer manufacture.The computer boots from CD/DVD or USB drive, then
1.The program will ask for the Windows OS hard drive volume. Enter the ID number of the hard drive volume that Windows is installed.

2.The program has detected all the user names of Windows and asks which user name password is to be removed. Enter the ID number for the User Name.
3.The program asks to confirm weather to remove the password or not. Enter "y" (yes) to confirm your action and "n" (no) to deny the action and hit "Enter".
4.The program asks whether to continue to remove passwords for other accounts. Enter "y" to continue and "n" to finish. Eject your USB from your computer first and press any key to restart the computer from Windows. Now you can log in Windows with an empty password (with no password.), just click “Enter” when you login.

If you have any questions of the password recovery procedure and the settings, you could visit the website:http://www.resetwindowspassword.net Now you could see that to reset or recover the admin login password of windows OS: XP, Vista, Windows 7 or 2000 is not so difficult and you can do it with ease.

This topic will show two workable solutions for recovering local or domain administrator password for windows server 2008, 2003 and 2000.

Solution 1: Hack windows server password with Windows Password Reset Ultimate.

Windows Password Reset Ultimate (WRRU) can help to create a password reset disk to recover the local and domain password for windows server 2008, 2003 and 2000. Key steps as below:
1. Download and install Windows Password Reset Ultimate.
2. Create a bootable password recovery disk with (WRRU).
3. Boot windows server from password recovery disk.
4. Recover windows server administrator password.

Get Windows Password Reset Ultimate and view more detail, please visit Windows Password Reset site.

Solution 2: Crack windows server password with a script.
Key steps:
1. Create a WinPE boot disk.
2. Boot Windows server from WinPE boot disk.
3. Create a password hack script.
4. Edit windows registry offline to make script run when windows server start up.
5. Reboot windows server and login with administrator account.
6. Reset the password of other account with administrator account.

Source from: How to hack windows server password

So I am completely confused on the whole oracle/mysql thing at this point. Mysql GA comes out with releases which contain bug/security fixes which will increment the version (5.5.19 becomes 5.5.20). That's the way it's always been and is simple enough. Now however oracle is releasing "patches" to mysql.

From what I understand is that these patches are for the enterprise commercial advanced (ECA) edition and not for GA as GA has it's own open sourced fixes. If this is the case then how does it work out for CVEs because NVD (yeah I know they're wrong all the time) is simply saying that mysql 5.5.20 is vulnerable. GA 5.5.20 was released a week prior to the oracle CPU so I'm assuming that these vulnerabilities were not fixed in the newest GA. So like I said, I am really confused about all of this and have some questions.

Is GA vulnerable to what was patched in ECA?
Will GA implement these fixes?
How can I tell if ECA has been patched? Are the patches installed as patches or are they new versions? (the ECA trial only seems to be at 5.5.19)
Should I now consider ECA and GA completely separate forks/products in regards to security?

As someone who works in vulnerability management I'm really not sure what I should be telling clients in regards to their mysql security now and could really use some clarification.

How to reset Windows Vista password if you lost windows vista password? Lots of people will meet this common problem, but it usually perplex people that they don’t know how to do. I am always pleased to help them with useful solutions for Vista password reset. In fact, there are many solutions can be found on the internet, but some of them are complex for a computer new hand. Now I collect three methods which are easy to use to you, these methods may be the most helpful way to recover Windows Vista password that I have tested.

Solution 1. Prepare a Windows Vista password reset disk and use it to reset lost password.

Windows XP and further versions also provide another method to recover forgotten Password by using “Reset Disk”. If you created a Password Reset Disk in Past, you can use that disk to reset the password. You could easily create a Windows Vista password reset disk via Vista's control panel with a blank USB flash drive.

1. Open Start -Control Panel -User Accounts and Family Safely-User Accounts.
2. Click Create a password reset disk on the left pane.
3. Click “Next”, follow the forgotten password Wizard to complete creating a Vista password reset disk.



Start/Restart your computer, on the logon box type in incorrect password, then click the reset password link and there will be wizard. Now you can recover Windows Vista password with the created password reset disk on your PC within seconds. Of course this password reset disk must be created for your current password.

Solution 2. Use free Vista password recovery tool to recover Vista password.

There are two popular tools: Ophcrack and Offline NT Password & Registry Editor. The former which is based on rainbow tables will spend you much precious time to download but just can reset passwords less than 14 characters. The latter supports Windows NT/2000/XP, but not AD password recovery.
Once you forgot Windows 7/vista/xp password, Ophcrack is a good choice to recover lost password. However, many Windows users failed to recover Windows password as its large ISO file which is more than 496MB.
Download Ophcrack: http://ophcrack.sourceforge.net/download.php
Offline NT Password: http://home.eunet.no/pnordahl/ntpasswd/
But the problem is you need operate in Dos environment, which is more suitable for PC expert.



Solution 3. Use Professional Vista Password Recovery Software to Reset Vista Password

In addition to many free Windows password recovery tools, several premium programs are also available that will recover Windows passwords.
Realizing that you've forgotten your Windows password is guaranteed to strike panic in anyone. Luckily, there are several programs and services that can help "hack" into your own Windows PC!

Let’s take Daossoft Corporation for example who offers a good software names Windows Password Rescuer. As one of the best and popular Windows password recovery tool, we just need 4 steps to reset/remove Windows Vista password. We can especially use Windows Password Rescuer to create a New User with administrator privilege that we can copy the data of our locked computer if we want to reinstall the Operating System.(Note : Don’t use it to hack other’s computer or steal private data that it is illegal.)



1. Download Windows Password Rescuer and install it to another available computer.
2. Run it to burn a bootable CD/DVD or USB flash drive. Before this confirm that you have inserted a blank CD/DVD or USB.
3. BIOS setting: Setup your own computer boot from CD or USB. Press F2 or DELETE when you start/restart your PC to get into the BIOS SETUP list. Use arrow keys to select boot menu, and use +/- key to move the CD/DVD or USB option to the first boot site. Then insert the CD/DVD or USB you have just created. Press F10 to save and exit.
4. Reset Windows password: Wait for a moment, It will display a friendly operating window, and you can reset whichever password on it.

Not only Windows Vista, Windows Password Rescuer can also be used to recover domain password on Windows server 2008/2003/2000 and local password for other OS, such as Windows 7, Windows XP, etc.