Password Reset

youds

youds

Verified User
Joined
Jul 11, 2008
Messages
496
Location
Lancashire, UK
I love that you can re-send welcome emails and at the same time reset account passwords, brilliant Customer Support tool; one thing I've noticed however is that it also resets the MySQL user password when the database is added to the Control Panel, this can often produce unexpected results!!!
 
I dont see how that is possible. You should be creating independant mysql logins for your databases.
 
Yes it is possible.
If you setup a user in PHPMyAdmin called "customer" which access to all databases named "customer_%" and then resend "customer" account password from DA control panel it changes the database access passwords as well.
I've just bloody done it again. Resent welcome email and the database password got changed. Web site down £@%@£

How to stop this from happening, which scripts change the password for the account?
I presume it is because my users in PHPMyAdmin are setup with the same username as the account name but this shouldn't mean that when the account password changes it needs to tell phpmyadmin,???
 
There is some much wrong here.

You should not logging into phpMyAdmin with your main username and password and you should not be creating users there, that is what DA is for.

If you setup a user in PHPMyAdmin called "customer" ... then resend "customer" account password from DA control panel it changes the database access passwords as well
Click to expand...

As it should. It cannot simple resend the password. It has to create a new password. The assumption is that the original password has been forgotten and that is why you need it again.

But you should not be using this method anyway because if one database password is compromised then all your databases are compromised. Huge security risk doing it the way you are doing it.

You should have a database username in the form of mainusername_anothername for each database and also a unique password for each.

The only password that gets changed is for your main username for mysql. But you should not being using this anyway.
 
You must log in or register to reply here.
Back
Top