MySQL issue

[Ice IT Support]

Hi all,

I have a page located at http://customers.iceitsupport.net/howardstreet/index.php that returns this issue:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'iceitsup_*'@'localhost' (using password: YES) in /home/iceitsup/public_html/Other/Customers/howardstreet/index.php on line 8

All password settings are correct and the user exists and has been assigned to the database. I tried connecting by using the host 'stevie.heliohost.org' and putting '%' in the remote mysql box, but the issue persists.

Thanks!

 

P.S. You may enter 'lab' in the username field. No passwords are required.

[Guest xaav]

What happens when you connect with your cPanel username and password?

[Ice IT Support]

It works, thanks! But I don't understand why my "custom" username doesn't work.

[Guest xaav]

cPanel isn't granting the permissions on that database to your custom user for some reason.

[Ice IT Support]

That's alright, this database is only here temporarily, so no need to worry about it. Thanks for your help!

[hdhdhd]

have you checked if you added the user correctly and the correct user? Believe me even the best make mistakes sometimes

[vol7ron]

Access denied for user 'iceitsup_*'@'localhost' (using password: YES) in /home/iceitsup/public_html/Other/Customers/howardstreet/index.php on line 8

 

You should never reveal this much information. I now know where your script is, what your username is (or shaped like), and what password you're attempting. In addition, you gave me the database type and location.

 

I think this whole thread should be deleted for security.

[hdhdhd]

I AGREE THIS THREAD ISN'T HEALTHY FOR HIM

[Krydos]

hdhdhd, I suggest you read http://www.helionet.org/index/topic/2-the-official-spam-guide/ http://www.helionet.org/index/topic/1544-the-official-etiquette-guide/ and http://www.helionet.org/index/topic/3-the-official-enforcement-guide/

 

If the OP wants anything edited or deleted he need only ask.

[Guest xaav]

Just wanted to point out that the password isn't "YES," it's just whether he is using a password or not.

[Ice IT Support]

I see no need to delete any information for the following reasons:

 

The part of the username released is generic (this format is used on all accounts @ HH) and it is my cPanel username, which is required to be posted anyway.

The script path is also generic (all HH accounts are located at /home or /home1 and all website documents are in the public_html folder) and the rest of the path is used to navigate to the page in your web browser (the URL that is also required as an example for the error)

[vol7ron]

Just wanted to point out that the password isn't "YES," it's just whether he is using a password or not.

 

Ahh good catch

 

I see no need to delete any information for the following reasons:

 

The part of the username released is generic (this format is used on all accounts @ HH) and it is my cPanel username, which is required to be posted anyway.

The script path is also generic (all HH accounts are located at /home or /home1 and all website documents are in the public_html folder) and the rest of the path is used to navigate to the page in your web browser (the URL that is also required as an example for the error)

 

So you're exposing what's known only to HH members, to the rest of the internet, regardless of it's commonality with other CPanel/LAMP installs? And now, I see you are adding more information. I was trying to be helpful, but I am sort of taking your denial as a challenge. Am I correct?

[Ice IT Support]

What other information did I add? By default, most cPanel installs are configured to store account data on /home, as this has been the case for other hosts I have used. Same with the database usernames. Also I am not trying to challenge anyone. In fact I appreciate your concern, I was simply giving my reasons to why I am not concerned about who sees this information.

[lladnar]

[Xoviat]

I hadn't read this before I posted my own thread on exactly the same subject yesterday. I believe that it's something which needs to be addressed as it's just not good practice for regular site users to be wandering around with super user privs. One slip up in the design of a user input and you risk the most extreme example of an SQL injection problem there is.

 

Are there people going around with multiple users assigned and the connections working just fine?