DirectAdmin 1.666

Thanks for report @SanderJ.

There is a subtle difference between Debian 13 / Ubuntu 24 and older versions. We can no longer use generic binaries (.tar.gz packages, not .deb) provided by the upstream on Debian13 / Ubuntu 24. This is because these distros use newer libraries which are not compatible with generic binaries provided in upstream .tar.gz packages. DB software are compiled from source on Debian 13 / Ununtu 24. We will update the CustomBuild compilation script to enable performance schema so the packages compiled on the Debian 13 / Ubuntu 24 and provided by the upstream would be similar to packages on older distros (feature wise).
 
fln said:
Thanks for report @SanderJ.

There is a subtle difference between Debian 13 / Ubuntu 24 and older versions. We can no longer use generic binaries (.tar.gz packages, not .deb) provided by the upstream on Debian13 / Ubuntu 24. This is because these distros use newer libraries which are not compatible with generic binaries provided in upstream .tar.gz packages. DB software are compiled from source on Debian 13 / Ununtu 24. We will update the CustomBuild compilation script to enable performance schema so the packages compiled on the Debian 13 / Ubuntu 24 and provided by the upstream would be similar to packages on older distros (feature wise).
Click to expand...
Thanks for your quick reply and explanation. Nice to hear that this will be changed compilation script.
 

1.666: Changing database user password together with DA account password​

It is no longer possible to change the database user account password when changing the main DirectAdmin account password. Changing the database passwords without updating it in all of the places where the password is used (website configuration) is error-prone.

To discourage sharing the password between the database and main DirectAdmin account, the password of database users will never be changed when changing the main DirectAdmin account password.

I needed to change all passwords on a server for security reasons, and expected the DB password would be changed as well. New is: it does not. This is a huge setback.
I see no option to do this, are we now forced to do this directly in mysql manually? Or is it not visible in the evo skin but visible in a different skin (I still use evo because of its loading speed and the local additional improvements, we use via javascipt injection for this).
 
@sec-is there is no need for manual MySQL access. DB user account passwords can be changed in:
  • Account Manager -> Databases -> Manage Users on Evolution.
  • User Level -> MySQL Management -> database name (in the Databases table)-> modify password (in the users table).
Please note, that having a DB account with the same password as DirectAdmin account is already a big security problem. DirectAdmin does not create DB accounts automatically and encourage users to only use DB accounts associated with a single DB not whole DA account.
 
fln said:
There is no need for manual MySQL access. DB user account passwords can be changed in:
  • Account Manager -> Databases -> Manage Users on Evolution.
  • User Level -> MySQL Management -> database name (in the Databases table)-> modify password (in the users table).
Please note, that having a DB account with the same password as DirectAdmin account is already a big security problem. DirectAdmin does not create DB accounts automatically and encourage users to only use DB accounts associated with a single DB not whole DA account.
Click to expand...
I agree on security issues.
The previous time I had to do this is on an account which has used your control panel for so many years (8+). They do use DB users, but the db-login 'per da account' was still there after so many years and 'easy' to use in phpmyadmin (without the user having access to D.A. at all).
I did change the passes in mysql myself, but it is good for others to know more about this change in D.A. (if they read this).
Thank you for the complete answer!
 
You must log in or register to reply here.
Back
Top