Upgrade to 3.0.10 issue


Guest walmarc

Hi

The readme.txt in 3.0.10 says:

"Make sure you have installed a MySQL Database which has a user assigned to it

DO NOT USE YOUR ROOT USERNAME AND ROOT PASSWORD"

This is a major issue in cPanel, which requires all MySQL databases created to have the prefix rootusername_.

While it is possible to create other users, they will still have the "rootusername" prefix. I was hoping to complete an upgrade via the changelog but given the new requirement for "build" and upload of created files to the database this does not seem possible.

A further issue that seems apparent is that in Devellion creating the global.inc.php and dump.sql, they would appear to have the ability to gain access to the admin panel and possibly the MySQL database. If so, this would be totally unacceptable and possibly in breach of privacy laws.

Appreciate any comments/reassurances about the new installation process, and any thoughts on a solution for cPanel users.

Regards :)


Guest hennaboy

I don't believe that is true. Unless cPanel has been specifically configured by you or your webhost to create the MySQL username with that prefix.

Having not used cPanel for some time, I do tend to recall that it assigns MySQL users as databasename_yourchosenuser_. Are you sure that what you're reading is not just an example of how the user will be set up?

I find it highly unlikely - and this is having spoken to cPanel themselves over many years - that they would start using the MySQL root username as the starting prefix for MySQL users. I think that you have misread.

As for the global.inc file and the dump.sql:

1. The global.inc you have to fill in. This does not contain your user details for access. So no possible way for Devellion Ltd to access.

2. Dump.sql requires your MySQL user/pass. Again something Devellion Ltd does not have. Therefore they cannot access.

For every update the upgrade instructions do state don't overwrite your global.inc file. This is because the file they supply is blank - no user details. Therefore if you overwrite it you cannot access your cart, database etc.

Finally, the whole upgrade system is quite secure if you look at the coding. It's not simply a "run this script" system. It uses the authentication built in to CubeCart. Again this is something that Devellion Ltd do not have access to unless you supply them with it (and it's highly unlikely they would ask unless you were requiring specific support).


Guest walmarc

Hi hennaboy and many thanks for the prompt and detailed response. You have averted my paranoia and I apologise for my misinterpretation.

When I contacted support at my hosting company asking if they could set up a database with a user other than my root username, this is what they said:

"Hmm... this sounds a little strange? So CubeCart require the MySQL Database username to not have the "cPanel" username in it at all? Gosh that's going to cause a lot of trouble for many users? Am I understanding this correctly? Because you can only set up MySQL Databases and their users with the "cpanelusername_ " prefix at the start. If you go outside of this then quotas get messed up and backups fail etc."

As it stands, I manage my sites from WHM & cPanel. If I amended the root username and password in WHM, it causes a re-sync of corresponding usernames and passwords in MySQL. The format for cPanel database creation is cpanelusername_database name, not the other way around. If brooky wants I will set up a test cPanel domain for him so that he can explore the processes etc.

:)


Guest EverythingWeb

Hello,

I'm not a huge advocate of cPanel, however I would be very surprised if they didn't do cpaneluser_specificusername as the format for their MySQL Connections.

FYI; The server which is running this website is based on cPanel, so the latest builds are always checked for compatibility. Thanks for the offer though.

:)


Guest walmarc

> I'm not a huge advocate of cPanel, however I would be very surprised if they didn't do cpaneluser_specificusername as the format for their MySQL Connections.
>
> FYI; The server which is running this website is based on cPanel, so the latest builds are always checked for compatibility. Thanks for the offer though.

:o

No problem,

My Hosting company has cPanel 10.8.1-RELEASE 113

The cPanel instructions re user creation under MySQL Account Maintenance say:

"Steps

1 To access the MySQL Account Maintenance Menu, click on the icon above the words MySQL Databases on the main screen of your cPanel interface.

2 Select the user (the user will appear as mainuser_user) you wish to grant permissions for from the drop box next to User:

3 Select the database (the database will appear as mainuser_database) you wish to give that user access to from the drop box next to Db:

4 Select any privileges (abilities to modify the database) you wish the user to have by checking the box next to the privilege's name.

5 Click on Add User to Db to give the user permission to access the database."

Note the comments above that the user will appear as mainuser_user and the database will appear as mainuser_database. i.e. mainuser is the root user cpanelusername_.

If your cPanel doesn't work this way could you please advise because I'm stumped! :)

Edit: see http://www.cpanel.net/docs/cpanel/ refer to MySQL Databases > Grant a user's permissions to a MySQL database


Guest hennaboy

Is there any specific reason why you don't wish to use the default cPanel prefix for the MySQL user?

I don't see why it is a problem.


Guest walmarc

> Is there any specific reason why you don't wish to use the default cPanel prefix for the MySQL user?
>
> I don't see why it is a problem.

I'm comfortable with it but unless I'm misunderstanding brooky's readme.txt instructions for 3.0.10 which say

"Make sure you have installed a MySQL Database which has a user assigned to it

DO NOT USE YOUR ROOT USERNAME AND ROOT PASSWORD"

there is some reason I shouldn't be comfortable. Could someone please explain why the above statement is capitalised if it's not a security risk to have a db setup using your root username and password?

Edit: I can set up a user with a different name for the database e.g. rootusername_user, and a different password. However I'm unsure how to amend global.inc.php to reflect this given the password is encrypted when I open the global.inc.php file? It would still have the prefix rootusername_ which is what brooky appears to be warning against?


Guest hennaboy

Ah ok.... basically using the server's main root user/password for MySQL is a bad idea as if someone did manage to get hold of it (and that's an if - doesn't mean that it is easily done) then they would have access to every database on the entire server.

So it's a precaution for your actual webhost to not use this. Some people do as they don't like to have more usernames/passwords than they can actually remember!

You as a webhosting customer don't know this root user/password anyway so you don't have anything to worry about.


Guest walmarc

> Ah ok.... basically using the server's main root user/password for MySQL is a bad idea as if someone did manage to get hold of it (and that's an if - doesn't mean that it is easily done) then they would have access to every database on the entire server.
>
> So it's a precaution for your actual webhost to not use this. Some people do as they don't like to have more usernames/passwords than they can actually remember!
>
> You as a webhosting customer don't know this root user/password anyway so you don't have anything to worry about.

Oh I see - so it is the SERVER's root username and password brooky is warning against (which I don't have) NOT the cpanelusername and password? Would it still be advisable to set up a different user for the database than the root account? If so, could someone please help me with my global.inc.php edit as mentioned above?

Many thanks :)


Guest hennaboy

Simply log in to your cPanel. Create the database you wish to use for CubeCart and then create and add a user for it.

Then in your global.inc file specify the database name and user/password as you have created and then upload that file. Or go through the installation procedure and specify it in there where required.

ALL users that you set up will be specific to your account ONLY. It has nothing to do with the server root user at all.

Just looks like there has been some major confusion with what is actually root. Root is the server admin.

Your root is your account. It does not have the same rights or access as the server admin root. Completely different and no matter what user you create it will not be related or given the same rights or permissions as server root.
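
What the advice in this post amounts to in current MySQL syntax, as an added example that is not part of the original thread or CubeCart's own instructions. The names follow the mainuser_database / mainuser_user pattern from the cPanel documentation quoted earlier, the password is a placeholder, and the privilege list is an assumption; on a cPanel account the panel issues the equivalent statements for you.

```sql
-- Added example: a dedicated, single-database MySQL account for the store,
-- instead of connecting as the server's MySQL root.
-- All names and the password below are constructed placeholders.

CREATE DATABASE `mainuser_database`;

CREATE USER 'mainuser_user'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_A_LONG_RANDOM_PASSWORD';

-- In a database-level GRANT, "_" and "%" in the database name act as
-- wildcards. Unescaped, `mainuser_database`.* would also match a name such
-- as mainuserXdatabase, so the underscore is escaped to make it literal.
-- Privilege list is an assumption: row access for normal running plus
-- schema changes for an upgrade script.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, ALTER, INDEX, DROP
    ON `mainuser\_database`.*
    TO 'mainuser_user'@'localhost';

-- Check 1: the account should show only USAGE on *.* plus the single
-- database-level grant above.
SHOW GRANTS FOR 'mainuser_user'@'localhost';

-- Check 2: every database this account can reach. Expect exactly one row.
SELECT User, Host, Db
  FROM mysql.db
 WHERE User = 'mainuser_user';

-- Check 3 (server administrators only): accounts holding server-wide power.
-- The application account must not appear in this list.
SELECT User, Host
  FROM mysql.user
 WHERE Super_priv = 'Y' OR Grant_priv = 'Y' OR File_priv = 'Y';
```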


Guest walmarc

> Simply log in to your cPanel. Create the database you wish to use for CubeCart and then create and add a user for it.
>
> Then in your global.inc file specify the database name and user/password as you have created and then upload that file. Or go through the installation procedure and specify it in there where required.
>
> ALL users that you set up will be specific to your account ONLY. It has nothing to do with the server root user at all.
>
> Just looks like there has been some major confusion with what is actually root. Root is the server admin.
>
> Your root is your account. It does not have the same rights or access as the server admin root. Completely different and no matter what user you create it will not be related or given the same rights or permissions as server root.

Thank you hennaboy,

Yes I was totally confused - sorry about the misunderstanding. As for global.inc.php when I look at the file in notepad or via my ftp client, the password looks nothing like my real one - i.e. it is encrypted - a mixture of lower and upper case letters that bear no resemblance to my password. I guess what I'll do is set up a new installation using my new password, and copy the password encryption to my new db user's global.inc.php. I'd just hoped there may have been a way to edit the password manually?

Thanks to all who have responded - much appreciated and again, my apologies for my confusion.

Regards

christravers :)


Guest hennaboy

If it has been encrypted then I suspect that this is something cPanel has done when installing.

If someone wants to correct me if I'm wrong, but the installation of CubeCart doesn't encrypt the password written to global.inc.


Guest walmarc

> If it has been encrypted then I suspect that this is something cPanel has done when installing.
>
> If someone wants to correct me if I'm wrong, but the installation of CubeCart doesn't encrypt the password written to global.inc.

Many thanks,

Yes I guess it is cPanel/Fantastico that does it. I'll try the "install a test site with the new password and a copy and paste into global.inc" method.

Many Thanks :blink:
