How do I add Permission to the database?

Status
Not open for further replies.

akillers

New Member
Messages
1
Reaction score
0
Points
1
  • Ensure your connection details are correct. If they are, your MySQL database is probably refusing remote access. Grant the IP of your web server permission to access the database. If you are unsure of how to do this, ask your mysql server host. If you are on a dedicated server, ssh in and run the following queries as root to grant access, replacing dbname with the name of your database, username with the username you want to use to connect to the database, IP with the ip address of the web server and finally, the password for the username.
  • How do I do this?
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
"If they are, your MySQL database is probably refusing remote access."
x10hosting's free-hosting accounts do not have remote MySQL database access (both incoming and outgoing from the account)
 
Last edited:

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
What @bdistler said.
On free hosting, it's expected for the webmaster to use the database for the site on X10, not outside of it.
For X10Premium however, remote connections to the database are allowed.

Funny enough, there's MySQL hosting (itself alone), but I don't think free hosting would allow connections to external sources.
 

ace_case

Member
Messages
217
Reaction score
11
Points
18
What @bdistler said.
On free hosting, it's expected for the webmaster to use the database for the site on X10, not outside of it.
For X10Premium however, remote connections to the database are allowed.

Funny enough, there's MySQL hosting (itself alone), but I don't think free hosting would allow connections to external sources.
I'm pretty sure I've tried this at one point, and I don't think it does.
 

Dead-i

x10Hosting Support Ninja
Community Support
Messages
6,084
Reaction score
368
Points
83
Just to clarify -- we do allow Remote MySQL on x10Premium, but not on free or prime hosting. :)
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
The prohibition is two-way; you can't make remote SQL connections either inbound or outbound. If you want to use an external database (or use your free hosting database externally), you would need to create an HTTP API. (And note that the security setup will restrict the sort of API you can create.)
 

ace_case

Member
Messages
217
Reaction score
11
Points
18
The prohibition is two-way; you can't make remote SQL connections either inbound or outbound. If you want to use an external database (or use your free hosting database externally), you would need to create an HTTP API. (And note that the security setup will restrict the sort of API you can create.)
Restrict in what ways? I'm thinking about making an api so I can have a mobile app.
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
Basically, you can't pass in anything that will result in malformed SQL statements, and the API client needs to be able to handle "hard" failures. The system is set up so that errors can't leak out (you'll get either a 403, a 404 or an empty response instead, depending on the apparent severity) in order to reduce the attack surface on user accounts. (Let's face it, the average skill level here is copypasta at best, so relying on users to safeguard their own sites has had a quite predictable success rate.) Passing URLs that look like fully-formed URLs in JSON also looks like a no-go at the moment; if you were intending to rely on anything that could easily become a cross-site injection with badly-written code, you'd need to find a way to "chunk" the data before passing it in a request. That would mean distributing a library if you were planning a public API (so that you can consistently re-assemble the data afterwards). You'll need to do your own testing; x10Hosting isn't going to tell people how to skirt the restrictions they've been forced to build into the system. Basically, the Wild West has to put up with civilisation now -- and both malice and ignorance have played their part in getting us here.
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Output isn't really the issue, it's a POST request that would cause the problem. If you tried to throw a querystring like

Code:
data={'some': [{'json': 'elements'},{'go':'here''}], 'andwhatnot'}

It might trigger modsec. Also, things like

Code:
data=insert+into+dbtable+values+data+here
with fully formed SQL statements, will most likely trigger MySQL.
 

ace_case

Member
Messages
217
Reaction score
11
Points
18
Output isn't really the issue, it's a POST request that would cause the problem. If you tried to throw a querystring like

Code:
data={'some': [{'json': 'elements'},{'go':'here''}], 'andwhatnot'}

It might trigger modsec. Also, things like

Code:
data=insert+into+dbtable+values+data+here
with fully formed SQL statements, will most likely trigger MySQL.
Ok thanks. So as long as I'm not like explicitly telling mysql what to do it should be fine?
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Pretty much, yes. The way an API *should* work (should being the "preferred" way) is with a RESTful API. Basically, you POST/GET/PUT/DELETE to a certain URL, and then action is taken on it based on the type of request (POST/GET/PUT/DELETE).

For example, if I had an API that showed my ToDos:

GET to /api/todos -> returns all todos
GET to /api/todos/<todo:id> -> returns one todo
POST to /api/todos -> inserts a new todo (parameters might be name, description, due by, etc)
PUT to /api/todos/<todo:id> -> update an existing todo
DELETE to /api/todos/<todo:id> -> delete an existing todo.


All of these might be stored in a database, or in a text file, or w/e. With an API it doesn't matter what happens in the background.. the API is technically all about how it's interfaced with.
 
Status
Not open for further replies.
Top