Having MySQL disable being a security risk

Status
Not open for further replies.

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
I've noticed an issue yesterday when my site was working with MySQL then suddenly got disabled again (completely working fine now :p), so, I've went to the site logged in (cookie already in place) and then something really bad happened.
I've ended up on the home page (not redirecting since again, MySQL being disabled) not being logged in properly with info missing.


So what I'm suggesting next time when there is such migration or anything to do with the database is to make sure at least sites who use MySQL get shutdown or disconnected to the domains till the end just to be safe.
 

Dead-i

x10Hosting Support Ninja
Community Support
Messages
6,084
Reaction score
368
Points
83
The MySQL server being offline shouldn't present any security risks. What exactly could happen from the MySQL server being offline?
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
Well, if you've set a redirect based on a value in the database, it won't work since it's disabled.
Can't even do user checks to see if they are really that user (cookie hijacking).
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Well, if you've set a redirect based on a value in the database, it won't work since it's disabled.
Can't even do user checks to see if they are really that user (cookie hijacking).

If your default action is to let the visitor see/do anything and you only stop them if they do not pass a test, you have a lousy security model.
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
If your default action is to let the visitor see or do anything - for any reason - then you have no security
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
If your default action is to let the visitor see or do anything - for any reason - then you have no security
It's suppose to be that way for 3 pages and that's it if you're not logged in.
Anyone could register and that's intended.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
If your default action is to let the visitor see/do anything and you only stop them if they do not pass a test, you have a lousy security model.
Lolno, I've sorted that out weeks ago after recreating the hosting account.
What I'm trying to say here is that with MySQL turned off, checks cannot be done correctly such as redirecting if password or/and username is wrong (prevents Cookie Hijacking in one way, password also hashed).
Even if you are not logged in and trying to get in, it redirects you back (if enabled :p).
I'm trying my hardest on security (been working on it for a long time).

I have an idea to fix this when it happens again. ;)
 
Last edited:

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
What I'm trying to say here is that with MySQL turned off, checks cannot be done correctly such as redirecting if password or/and username is wrong (prevents Cookie Hijacking in one way, password also hashed).

This would be why all major software I've worked with has exactly one action to perform if MySQL is offline: Abort the attempt, and return "Try again later." Your phrasing on being unable to check if the username/password is wrong implies that your default action is to assume they're logged in, which is obviously bad - the default action should be to deny access. If your code is unable to identify that MySQL is offline (which can easily be tested for as part of the creation of the MySQL connection), then that should be your priority to add.

Edit: I also want to add that we wouldn't be able to deny access to all sites utilizing MySQL, but we're not required to either - a properly coded website will disable itself. Take Wordpress for example; database offline = "Error establishing database connection," and the entire site stops loading. vBulletin has a similar page, although it's much prettier looking.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
This would be why all major software I've worked with has exactly one action to perform if MySQL is offline: Abort the attempt, and return "Try again later." Your phrasing on being unable to check if the username/password is wrong implies that your default action is to assume they're logged in, which is obviously bad - the default action should be to deny access. If your code is unable to identify that MySQL is offline (which can easily be tested for as part of the creation of the MySQL connection), then that should be your priority to add.
Good point, I'll add it later with other security fixes. :)

EDIT: You mean exit()?, I can do that but it may look awkward looking in the login/register so maybe checking if the database connection has failed returning a message would be better in a way.
 
Last edited:

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
Also my apologies if my post came out harsher than intended, re-read it and it's a lot more stern than I intended it to be :(
 
Status
Not open for further replies.
Top