Having MySQL disable being a security risk

caftpx10 · Apr 28, 2014

I've noticed an issue yesterday when my site was working with MySQL then suddenly got disabled again (completely working fine now

), so, I've went to the site logged in (cookie already in place) and then something really bad happened.
I've ended up on the home page (not redirecting since again, MySQL being disabled) not being logged in properly with info missing.

So what I'm suggesting next time when there is such migration or anything to do with the database is to make sure at least sites who use MySQL get shutdown or disconnected to the domains till the end just to be safe.

Dead-i · Apr 28, 2014

The MySQL server being offline shouldn't present any security risks. What exactly could happen from the MySQL server being offline?

caftpx10 · Apr 28, 2014

Well, if you've set a redirect based on a value in the database, it won't work since it's disabled.
Can't even do user checks to see if they are really that user (cookie hijacking).

descalzo · Apr 28, 2014

caftpx10 said:
Well, if you've set a redirect based on a value in the database, it won't work since it's disabled.
Can't even do user checks to see if they are really that user (cookie hijacking).

If your default action is to let the visitor see/do anything and you only stop them if they do not pass a test, you have a lousy security model.

bdistler · Apr 28, 2014

If your default action is to let the visitor see or do anything - for any reason - then you have no security

caftpx10 · Apr 29, 2014

bdistler said:
If your default action is to let the visitor see or do anything - for any reason - then you have no security

It's suppose to be that way for 3 pages and that's it if you're not logged in.
Anyone could register and that's intended.

caftpx10 · Apr 29, 2014

descalzo said:
If your default action is to let the visitor see/do anything and you only stop them if they do not pass a test, you have a lousy security model.

Lolno, I've sorted that out weeks ago after recreating the hosting account.
What I'm trying to say here is that with MySQL turned off, checks cannot be done correctly such as redirecting if password or/and username is wrong (prevents Cookie Hijacking in one way, password also hashed).
Even if you are not logged in and trying to get in, it redirects you back (if enabled

).
I'm trying my hardest on security (been working on it for a long time).

I have an idea to fix this when it happens again.

Livewire · Apr 29, 2014

caftpx10 said:
What I'm trying to say here is that with MySQL turned off, checks cannot be done correctly such as redirecting if password or/and username is wrong (prevents Cookie Hijacking in one way, password also hashed).

This would be why all major software I've worked with has exactly one action to perform if MySQL is offline: Abort the attempt, and return "Try again later." Your phrasing on being unable to check if the username/password is wrong implies that your default action is to assume they're logged in, which is obviously bad - the default action should be to deny access. If your code is unable to identify that MySQL is offline (which can easily be tested for as part of the creation of the MySQL connection), then that should be your priority to add.

Edit: I also want to add that we wouldn't be able to deny access to all sites utilizing MySQL, but we're not required to either - a properly coded website will disable itself. Take Wordpress for example; database offline = "Error establishing database connection," and the entire site stops loading. vBulletin has a similar page, although it's much prettier looking.

caftpx10 · Apr 29, 2014

Livewire said:
This would be why all major software I've worked with has exactly one action to perform if MySQL is offline: Abort the attempt, and return "Try again later." Your phrasing on being unable to check if the username/password is wrong implies that your default action is to assume they're logged in, which is obviously bad - the default action should be to deny access. If your code is unable to identify that MySQL is offline (which can easily be tested for as part of the creation of the MySQL connection), then that should be your priority to add.

Good point, I'll add it later with other security fixes.

EDIT: You mean exit()?, I can do that but it may look awkward looking in the login/register so maybe checking if the database connection has failed returning a message would be better in a way.

Livewire · Apr 29, 2014

Also my apologies if my post came out harsher than intended, re-read it and it's a lot more stern than I intended it to be

caftpx10 · Apr 29, 2014

Livewire said:
Also my apologies if my post came out harsher than intended, re-read it and it's a lot more stern than I intended it to be

No worries, at least I know what needs adding, thanks.

Having MySQL disable being a security risk

caftpx10

Well-Known Member

Dead-i

x10Hosting Support Ninja

caftpx10

Well-Known Member

descalzo

Grim Squeaker

bdistler

Well-Known Member

caftpx10

Well-Known Member

caftpx10

Well-Known Member

Livewire

Abuse Compliance Officer

caftpx10

Well-Known Member

Livewire

Abuse Compliance Officer

caftpx10

Well-Known Member

Free Web Hosting

Our Community

Legal