SteveW

  1. As you said, it's best not to use your cPanel userID/password for database connections, for two reasons:

     1) Your cPanel password is a very powerful one that allows a high level of access to your website. It should never be stored in a text file inside your website. But database connection passwords MUST be stored in a text file inside your website. Therefore, the one in the text file should not be your cPanel password.

     2) When you use a separate MySQL userID/password for your database connections, you can change your cPanel password anytime you want, without breaking your database connections.

     For anyone who wants to migrate from using your cPanel password to a dedicated MySQL user and password, here's how:

     Go to cPanel > MySQL Databases. At "Add New User", create a new username. Give it a strong password. Notice that this new username actually has, before the name you just typed, a prefix consisting of several characters and an underscore. In your database configuration scripts, you should use the entire string as the database username.

     Near the bottom of the page, at "Add User To Database", select the user you just created. Also select the database you want that user to be associated with. Click "Add".

     On the resulting page, you'll see a list of privileges. Your cPanel user had ALL privileges, which was probably more than it really needed. Your new user can probably do everything it needs to do with fewer privileges, but, unfortunately, describing all the privileges here would take way too long. So just give the new user all privileges, and click "Make Changes". If you can determine later which privileges aren't needed, you can revoke them later on this same screen.

     Now go and edit your database configuration file (config.php, or whatever, as described in my earlier post). In it, find the location where your cPanel username is mentioned, and change it to the user you just created (using its full name, underscore and all). Also find the location where your old password is mentioned, and change it to the new MySQL user's password. Save the file.

     Test the application that uses this database. It should be working just the same as before, except it's now using the new user for the db connection. You can do a final test by changing your cPanel password. Your application should continue to work as before, because it's no longer dependent on your cPanel password.
  2. I think that could happen if you have been using your cPanel userID/password to connect to your database, and if you then changed your cPanel password in cPanel. Your database script would still be trying to connect to the database using the old password. Does that sound like it describes your situation? Most software applications store their database connection data in one file, called something like config.php, config.inc.php, or settings.php, in one of the folders used by that application. The solution would be to edit that file in a text editor (such as the one you can launch from cPanel > File Manager), and change the password to the new one. It's usually easy to find the right location to make the change: it's where you find the old password. (Before you make changes to the file, make a copy of the file for yourself as a backup. If something goes wrong, you can put the old one back.) This isn't the only reason you could get that error message, but it's the first one worth checking out, if you've been doing password changes.
  3. Up to now, gedit has been my favorite all-purpose text editor in Ubuntu. It came with a few plug-ins. I enabled some of them, but my memory is that most seemed fairly minor, so maybe there's a bunch more available that I'm not aware of? I like Geany, too, and Bluefish, but haven't used either of them often enough for their intended purposes to have a valid opinion. I think one of them allows selecting text and clicking a button to surround the text with HTML tags (which a Notepad++ plugin does), and the other allows clicking to create empty HTML tags which you can then fill with contents. Either way, I'm all in favor of anything that helps avoid typing <> and </> because they're awkward keystrokes that produce repetitive stress symptoms if you have to type them often enough. Come to think of it, I'm in favor of anything that reduces the keystrokes needed to get the text on the page. I'm not sure either of those can be a candidate for my go-to editor, a favorite for all types of text files. gVim looks like it has the potential. Yesterday, I opened a ".txt" file in it. It recognized from the contents that it was a "diff" listing, and applied the appropriate syntax highlighting. Very nice. For anybody who runs across this thread later, gVim is the GUI (menus and mouse) version of Vim, which in turn is a clone with enhancements of Vi that Bruce mentioned. Vi's been around since the 1970's, which is what inspired me to give it a second look. It still has lots of users and is in active development after 35 years? Had to check that out! That's like discovering there's a version of WordStar for Windows 8. In my earlier post, I made an edit that accidentally ended up saying the opposite of what I meant! You probably realized it, but I didn't. Should have been: ...without feeling deprived. except In the area of text editors, Notepad++ is a real pull back to Windows...
  4. GoodBYtes's post above (#157) expressed much the same as I was thinking, better than I can ^. Especially appreciate the prompt status announcement in the forum. The notification email was how I learned of the incident. I found it a non-jarring way to be notified. Truly amazing, skillful, and fast. Thank you.
  5. It makes me glad when someone seems to be having a good experience with one of the linuxes. I've been using Ubuntu Jaunty ever since first trying it about 2 1/2 years ago. It's well past its support period and feels creaky (with Firefox 3.0 when I've got FF12 in Windows XP), but, at the time, I downloaded every software package I thought might ever be of interest, 2000 of them, 2GB+, which took two weeks on dial-up. I'd like to try Debian, but am not anxious to do a two-week-installation repeat and don't want to risk having no working linux because I quickly discovered that once I had it, I needed it. For website stats I use a MySQL database that currently has over 5 million rows and still runs smoothly. There's a bunch of nifty utility programs in linux. I found Windows versions of many of them at the Sourceforge GNUWin32 project, so now I can use Windows (where I am most of the time) without feeling deprived except in the area of text editors. Notepad++ is a real pull back to Windows. It's not available for linux. Ubuntu has several very good editors, but they all have a combination of strengths and weaknesses, and no single one rivals Notepad++. My "last hope", which actually seems to have a very good chance, is gVim, which I've spent the past 2 weeks learning. It works very differently from most editors, but might be more powerful than any of the others, and has the advantage that it will work exactly the same in either Windows or linux, so I won't have to care where I am. I'd swear Ubuntu makes my sound card sound better than Windows does. Haven't thought of a reason why that could be. It's too bad there's no speech recognition in linux, but its automatic command completion (when you press TAB) is extremely useful, and in OpenOffice, once a document has a lot of words in it, the same thing (pressing TAB or another character of your choice, I think) works very well there, almost compensating for the lack of speech recognition. 
Sometimes I start a document with a copy of some other big document just to get the word completion feature, and then delete all the extra text when I don't need it anymore. Hope there might be some useful tips in there. I found learning Ubuntu a lot of fun, and two+ years later it still is.
  6. I don't like to let a question go unanswered, but all I know about those certificates was from some reading at their website and Wikipedia after you mentioned them. I thought I saw one comment that some of their free certificates aren't free anymore. I don't know that much about SSL, but it seems as though there are different levels of trust and corresponding differences in price. It would seem to me that all you need is something suitable for encryption, and that the question of whether you are "who you say you are" is not that important in this situation, and maybe an inexpensive certificate might be sufficient for that purpose. Thinking about it a bit, I did come up with some other ideas, although I do realize that they're probably not the kinds of solutions you're looking for. Word documents and zip files can be encrypted and sent as email attachments, secure even when the email itself is not encrypted. I think it would be possible to use JavaScript to encrypt the contents of a feedback form before it gets submitted. Because you would have to send the "secret" encryption token with the outgoing page, it's not secure at all from someone with a real interest in the contents, but it would prevent casual snoopers from seeing the contents without expending more effort than most casual snoopers would bother with. I would expect that anyone who is a regular and real correspondent in the journalistic sense and who was interested in security would be willing to use active methods like Word or Zip or PGP email encryption (which I believe is basically a private certificate that you issue to yourself, so it has no certifying authority). The real problem is providing passive security to ordinary passers-by who are not willing to use active methods. Without a standard SSL certificate, that might be impossible due to the issue you mentioned, lack of browser trust.
  7. The purpose of a privacy policy should be to state honestly what the actual situation is, not to try to instill confidence in visitors by making comforting mission statements that might not be achievable. Even an honest privacy policy like "I can't really promise that people's private information will stay private" is better than a more comforting one that is false. However, a privacy policy generally only pertains to factors under your control. Some risks of electronic communications are not under your control. It is not necessary to make a sweeping promise like "people's private information will stay private." You can, instead, describe what steps you take to try to ensure the security of their information. If you're thinking about something like doing credit card transactions by email, I don't know if it's legal, but I don't think it would be a good idea in any event. Emails can be encrypted with "PGP" ("Pretty Good Privacy") keys, but that's probably beyond the abilities or willingness of many. Other alternatives are offline communications like phone, USPS, FedEx.
  8. Either method could allow a brute-force password guessing attack to succeed unless all your passwords for all your MySQL database users (not just the new one you created) are very secure, an absolute minimum of 12 completely random characters, upper/lower/punct. More is better. If you don't use punct, make the password at least 2 chars longer to compensate. With the phpMyAdmin method, you'd need to make sure that your version of phpMyAdmin is always kept up to date, which could sometimes involve installing an update about once a month based on the history at http://secunia.com/a...task=advisories . You could add an additional layer of security by password protecting (in cPanel) the folder where you install phpMyAdmin. Your user will have to log in to the folder first (with the folder password), and then into phpMyAdmin (with their MySQL user password). The method of connecting directly to MySQL has the advantage that you don't have to keep software updated, but its security depends entirely on the strength of your MySQL passwords (unless you can also use the IP address restriction). With either method, "grant" to your new user only the specific permissions (SELECT, UPDATE, etc.) that they'll need for performing the actions you're allowing them to do, and only for the specific database they'll be using. If you set it up carefully, it looks to me that either method can be done quite securely. After setting it up, you could log in as the new user and browse around to make sure you're not allowing them to see or do things you'd prefer they couldn't.
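The length rule in post 8 above (12 random characters with punctuation, or at least 2 more without), worked through as an added example that is not part of the original post. The alphabets are taken from Python's `string` constants as an assumption about what "upper/lower/punct" covers, and the function names are illustrative.

```python
import math
import secrets
import string

# Character classes named in the post (assumed to map to these constants).
WITH_PUNCT = string.ascii_letters + string.punctuation  # 52 + 32 = 84 symbols
NO_PUNCT = string.ascii_letters                         # 52 symbols


def entropy_bits(length, alphabet):
    """Entropy in bits of a password drawn uniformly at random."""
    return length * math.log2(len(set(alphabet)))


def equivalent_length(base_length, base_alphabet, new_alphabet):
    """Smallest length over new_alphabet that is at least as strong as
    base_length characters over base_alphabet."""
    target = entropy_bits(base_length, base_alphabet)
    return math.ceil(target / math.log2(len(set(new_alphabet))))


def generate(length, alphabet):
    """Generate a password with the OS CSPRNG (never the random module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    base = entropy_bits(12, WITH_PUNCT)
    print(f"12 chars, upper/lower/punct : {base:.1f} bits")
    for n in (12, 13, 14):
        bits = entropy_bits(n, NO_PUNCT)
        verdict = "ok" if bits >= base else "weaker"
        print(f"{n} chars, upper/lower only  : {bits:.1f} bits ({verdict})")
    needed = equivalent_length(12, WITH_PUNCT, NO_PUNCT)
    print("length needed without punctuation:", needed)
    print("sample for a MySQL user:", generate(needed, NO_PUNCT))
```

Thirteen letters-only characters still fall short of the 12-character baseline, which is why the rule is two extra characters rather than one; adding digits to both alphabets gives the same result.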
  9. Glad to hear it, Bill. TCH deserves the success. You and the TCH staff do a great job. I'm very happy to be hosted here, and I'm sure many others are, as well.
  10. In addition to the other suggestions, Microsoft's successor to FrontPage is called Expression Web. There was a time when you could upgrade from FP to EW for only about $80.
  11. If you post a message to the other thread, the person who started it should get a notification that somebody replied to it. They might be willing to post how the situation turned out. What antivirus program do you use?
  12. Announcement at http://www.simplemachines.org/community/index.php?topic=452888.0
  13. Thank you for responding so quickly. I got this email today also. Would it help you to have a copy of it with all headers? If so, just let me know who to send it to.
  14. I used Trend Micro Internet Security for about 5 years and thought that it, and especially its firewall, were very good. However, at renewal time I learned that I'd be automatically upgraded to their new "Titanium" product which according to my online reading seemed to be a very much changed product with a simplified interface (it was already perhaps too simple), fewer configuration options, and, what caught my attention, no longer included a firewall. IF that's true, it could be because the standard Windows Vista/7 Firewalls are now so much improved over the old Windows XP version. But I still use WinXP. Since the Titanium conversion looked like it was going to be a drastic change in any event, I figured why not make a drastic change that I chose myself instead of one that I hadn't, so I switched to Kaspersky Internet Security 2011. Its out-of-the-box default settings for things seem to be quite secure, not requiring adjustments, but for those, like me, who appreciate having lots of configuration options, there are plenty (for both antivirus and firewall), enough to be overwhelming. The biggest firewall change I made was, using instructions from the Kaspersky forum, to block all unapproved outbound connections in addition to unwanted inbound connections. I ran an initial antivirus scan after setting all the detection settings to their highest possible levels, and KIS did not find any threats that Trend Micro had overlooked during the 5 years of use, so my confidence in TMIS seems to have been justified. The KIS reports (such as activity blocked by the firewall) can be difficult to understand, but they're more informative and better formatted than the TMIS ones were. It took me a few days to understand the firewall settings well enough to create custom settings that were what I wanted, so it's more complicated than the old TMIS was, but the fine-grained control could be useful, and it's interesting. 
Basically, it seems to have very good settings out of the box, fortunately. When you decide to do some tweaking, it can be very confusing. I'd recommend it as seeming to be a very good AV/firewall, though I've only been using it for a couple of weeks.