Is it possible for someone to hack a MySQL database by knowing (only) the username and the password for my database.
There is no phpMyAdmin to login from it and there is no way to do any SQL injection in the website (because I'm using Laravel).
是否可以通过知道PHP中的用户名和密码(仅限)来破解我的数据库[关闭]
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
- dongqie8661 2016-10-30 16:24关注
Your question is quite similar to "Is it possible to break into my house with my door key?"
It depends on few things:
- Which IP is your MySQL listening to? In your MySQL Config File
bind-address, find the value. - For that specific username, did you enabled remote access for that user in MySQL?
- Any Firewall rules to restrict remote MySQL connections?
By the way, using Laravel or any other frameworks does NOT guarantee anything on protecting from SQL injection. People can easily write a SQL injection vulnerable web page under any framework if they want.
You should:
- Implement your database related code properly and follow the instruction in the documentation.
- Set your MySQL users and their privilege in the right way.
- Do not expose your database to the public is recommended.
Last thing for your update, if you want to share your database with others. Not a big problem if you set the privilege correctly.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享 - Which IP is your MySQL listening to? In your MySQL Config File
- 2016-10-30 13:50回答 1 已采纳 Your question is quite similar to "Is it possible to break into my house with my door key?" It de
- 2021-06-09 22:53回答 2 已采纳 select * from admin where username='$username' 改为 select * from admin where username='$username' a
- 2019-05-15 03:57回答 3 已采纳 I think your condition is wrong in the client end script. If username and password matched then it
- 2023-12-20 12:49Francek Chen的博客 NoSQL数据库适用于数据模型比较简单、IT系统更强的灵活性、对数据库性能要求较高且不需要高度的数据一致性等场景。本篇文章简单介绍常见的NoSQL数据库类型。
- 2017-06-27 02:16回答 1 已采纳 maybe answered on How to use basic authorization in PHP curl so try from that: <?php $username
- 2022-07-14 12:49回答 2 已采纳 当用户点击进行注册的时候获取用户输入的用户名,发送到phpphp获取这个数据,在数据库中进行查找如果找不到一样的就返回false,否则就是true然后表单可以通过return true或者return
- 2018-03-07 10:44回答 3 已采纳 You want to check if Username and pincode were sent before querying the db. If they are not passed
- 2021-12-04 19:58出色的你csdw的博客 计算机系统综合实训 头歌MySQL数据库实训平台作业,内容比较全比较多,内容仅供参考,如有错误部分希望联系我跟正,觉得有用记得点赞收藏。数据库1-MySQL数据定义与操作实战 数据库2-MySQL数据管理技术实战 数据库3-...
- 2014-09-04 15:21回答 1 已采纳 Your browser is saving and auto-completing your username and password. You could try autocomplete
- 2017-04-09 18:53回答 2 已采纳 $data = User::get(['name','password'])->where('name',$input['name']) ->where('passw
- 2018-06-16 22:14回答 2 已采纳 Yes, this is common. Most web apps and web sites do something like this. WordPress, for example, u
- 2023-11-25 00:25星川皆无恙的博客 数据与网络安全作为保障大数据系统正常运行的基石,同样备受关注。...本文通过CMS靶场实训,深入分析CMS系统的安全漏洞,探讨防范措施,提供实战经验和攻防能力,有助于加强大数据与网络安全意识。
- 2017-11-30 14:40回答 3 已采纳 跳转需要在javascript里做 ``` 'error','message'=> $output); exit(); } if(!mysqli_set_charset
- 2023-11-10 15:56大数据东哥(Aidon)的博客 Neo4j是一个开源的、 无Shcema的、 基于java开发的图形数据库,它将结构化数据存储在图中而不是表中。本文覆盖图数据库和Neo4j概要、Neo4j安装部署、Neo4j实践操作、Neo4j Admin、Neo4j API开发。具体包含图...
- 2024-04-27 21:00vx_BS81330的博客 采取面对对象的开发模式进行软件的开发和硬体的架设,能很好的满足实际使用的需求,完善了对应的软体架设以及程序编码的工作,采取Mysql作为后台数据的主要存储单元,采用java技术、Ajax技术进行业务系统的编码及其...
- 没有解决我的问题, 去提问
悬赏问题
- ¥50 分布式追踪trace异常问题
- ¥15 人在外地出差,速帮一点点
- ¥15 如何使用canvas在图片上进行如下的标注,以下代码不起作用,如何修改
- ¥15 Windows 系统cmd后提示“加载用户设置时遇到错误”
- ¥50 vue router 动态路由问题
- ¥15 关于#.net#的问题:End Function
- ¥15 无法import pycausal
- ¥15 VS2022创建MVC framework提示:预安装的程序包具有对缺少的注册表值的引用
- ¥15 weditor无法连接模拟器Local server not started, start with?
- ¥20 6-3 String类定义