Hack 97. Allow an Anonymous Account

You can allow anonymous users into your SQL database if you take some precautions first.

Before you allow the public into your server, you need to set up an anonymous account to read and write with the permissions that you are prepared to allow. In addition, you need to make sure that the anonymous user cannot change the password. If one user changes the password, the next anonymous user will not be able to get into the system.

You should accept that it will be very difficult to defend yourself against a conscious denial-of-service attack, but you can take steps to defend your server against incompetent users who unwittingly set off expensive queries [Hack #98].

You can allow access from a web-based interface [Hack #100], or you can allow users to connect to your server using clients running on their own machines. There are two problems associated with the client approach: first, you must open the appropriate ports in your firewall; and second, your users must obtain and install the relevant client.

12.2.1. A Limited MySQL Account

By default, MySQL allows anonymous access for users on the same host. MySQL will allow the user anonymous (or indeed, any unused account name) to connect to the database, provided they are coming from the localhost host. Unless you specify otherwise, such users are allowed only to use the database test. Here's how to grant access [Hack #94]:

GRANT SELECT ON tableName TO ''@localhost

The MySQL permissions system can seem confusing. If someone logs on to MySQL as hawkeye when no such account exists, they appear to be user hawkeye@localhost but they have the permissions of ''@localhost:

andrew@SQLZoo3:~> mysql -u hawkeye
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 33315 to server version: 5.0.18-standard

Type 'help;' or 'h' for help. Type 'c' to clear the buffer.

mysql> use mysql;
ERROR 1044 (42000): Access denied for user ''@'localhost' to database 'mysql'
mysql> SELECT CURRENT_USER;
+--------------+
| CURRENT_USER |
+--------------+
| @localhost |
+--------------+
1 row in set (0.00 sec)

mysql> SELECT user( );
+-------------------+
| user( ) |
+-------------------+
| hawkeye@localhost |
+-------------------+
1 row in set (0.00 sec)

It is important to note that it is impossible for the anonymous user to change the password:

mysql> SET PASSWORD FOR hawkeye@localhost=PASSWORD('tiger');
ERROR 1133: Can't find any matching row in the user table
mysql> SET PASSWORD FOR ''@localhost=PASSWORD('tiger');
ERROR 1044: Access denied for user: '@localhost' to database 'mysql'

 

12.2.2. A Limited SQL Server Account

SQL Server allows two mechanisms for authentication: Windows authentication and SQL Server authentication. If you use the Windows authentication method, you check and set passwords outside the SQL Server system.

You need to set up an operating system account for this purpose, and you should ensure that this account has only limited privileges on your filesystem because it is possible to set off operating system commands from with the SQL Server language. The stored procedure, xp_cmdshell, allows SQL users to execute operating system commands, but the command is blocked by default.

If the xp_cmdshell stored procedure is blocked and your anonymous users are logged in to SQL Server using Windows authentication, there is no way for the anonymous user to set or change the password.

12.2.3. A Limited PostgreSQL Account

In PostgreSQL, there are several mechanisms for authenticating users. If you use Kerberos authentication or Ident-based authentication (as described in Section 6.2 of the manual located at http://www.postgresql.org/docs/7.3/interactive/auth-methods.html), the user's password may not be changed. As with SQL Server, you will need to set up an operating system account in such a way that the user cannot change that password.

12.2.4. A Limited Oracle Account

Oracle has plenty of options aimed at forcing users to change their passwords at regular intervals, but it does not have a command to prevent password changes. You can use a sneaky trick if you want to prevent a password change altogether. PASSWORD_VERIFY_FUNCTION allows system administrators to veto weak passwordstypically is it used to prevent short passwords. You can implement a password policy that is so strict that no password will ever be good enough. This neatly prevents our anonymous user from changing the password:

CREATE OR REPLACE FUNCTION no_pw_good_enough 
(
userid_parameter VARCHAR2,
password_parameter VARCHAR2,
old_password_parameter VARCHAR2
)
RETURN boolean IS
BEGIN 
 RETURN FALSE;
END;
/

With a function that always rejects the new password, you can force it on the anonymous account to ensure that no password change is possible:

ALTER PROFILE anonProfile LIMIT
PASSWORD_VERIFY_FUNCTION no_pw_good_enough;

ALTER USER anonymous PROFILE anonProfile


SQL Fundamentals

Joins, Unions, and Views

Text Handling

Date Handling

Number Crunching

Online Applications

Organizing Data

Storing Small Amounts of Data

Locking and Performance

Reporting

Users and Administration

Wider Access

Index



SQL Hacks
SQL Hacks
ISBN: 0596527993
EAN: 2147483647
Year: 2004
Pages: 147

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net