Jump to content

Recommended Posts

Posted

Hi all,

I have a page located at http://customers.iceitsupport.net/howardstreet/index.php that returns this issue:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'iceitsup_*'@'localhost' (using password: YES) in /home/iceitsup/public_html/Other/Customers/howardstreet/index.php on line 8

All password settings are correct and the user exists and has been assigned to the database. I tried connecting by using the host 'stevie.heliohost.org' and putting '%' in the remote mysql box, but the issue persists.

Thanks!

 

P.S. You may enter 'lab' in the username field. No passwords are required.

Posted

What happens when you connect with your cPanel username and password?

Posted

cPanel isn't granting the permissions on that database to your custom user for some reason.

  • 2 weeks later...
Posted
Access denied for user 'iceitsup_*'@'localhost' (using password: YES) in /home/iceitsup/public_html/Other/Customers/howardstreet/index.php on line 8

 

You should never reveal this much information. I now know where your script is, what your username is (or shaped like), and what password you're attempting. In addition, you gave me the database type and location.

 

I think this whole thread should be deleted for security.

Posted

Just wanted to point out that the password isn't "YES," it's just whether he is using a password or not.

Posted

I see no need to delete any information for the following reasons:

 

The part of the username released is generic (this format is used on all accounts @ HH) and it is my cPanel username, which is required to be posted anyway.

The script path is also generic (all HH accounts are located at /home or /home1 and all website documents are in the public_html folder) and the rest of the path is used to navigate to the page in your web browser (the URL that is also required as an example for the error)

Posted

Just wanted to point out that the password isn't "YES," it's just whether he is using a password or not.

 

Ahh good catch :)

 

I see no need to delete any information for the following reasons:

 

The part of the username released is generic (this format is used on all accounts @ HH) and it is my cPanel username, which is required to be posted anyway.

The script path is also generic (all HH accounts are located at /home or /home1 and all website documents are in the public_html folder) and the rest of the path is used to navigate to the page in your web browser (the URL that is also required as an example for the error)

 

So you're exposing what's known only to HH members, to the rest of the internet, regardless of it's commonality with other CPanel/LAMP installs? And now, I see you are adding more information. I was trying to be helpful, but I am sort of taking your denial as a challenge. Am I correct?

Posted

What other information did I add? By default, most cPanel installs are configured to store account data on /home, as this has been the case for other hosts I have used. Same with the database usernames. Also I am not trying to challenge anyone. In fact I appreciate your concern, I was simply giving my reasons to why I am not concerned about who sees this information.

Posted

I hadn't read this before I posted my own thread on exactly the same subject yesterday. I believe that it's something which needs to be addressed as it's just not good practice for regular site users to be wandering around with super user privs. One slip up in the design of a user input and you risk the most extreme example of an SQL injection problem there is.

 

Are there people going around with multiple users assigned and the connections working just fine?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...