Archive for the ‘MySQL’ tag

How secure is your hosting?   no comments

Posted at 12:22 pm in Hosting,MySQL
secure How secure is your hosting?

Secure Hosting?

How secure is your hosting? I’m just in the middle of speaking to a hosting company, who shall remain nameless for now, on who’s server I can see someone else’s database.

A company, I provide consultancy to, have a Windows based virtual server for a specific project. The host provides MSSQL and MySQL databases which run on dedicated servers. You create the database through a web based control panel like most other hosting companies. Once created, I access the database from my laptop using SQLYog (which is a pretty good MySQL front end) and manipulate it from there.

Today I have connected to the database to check a field that the developer has misspelled and I see a second database. Being an honest citizen I take a backup of the database for evidence and contact the hosting company. I telephone them rather than email since it could be a severe security breach. The operator is a level one support person who doesn’t understand what I’m talking about, let alone what to do next, so he instructs me to use the ‘live chat’ on the website. I visit the website and launch the live chat where I’m met by another limited knowledge operator who fails to comprehend the seriousness of the problem. He suggests it may be my settings or a problem at my end.

I respond to this with a polite suggestion that it’s more likely to be a problem with security on their server. Given by the response from this operator I know they also don’t have a clue, so I ask them to get someone to call me to discuss this serious security problem.

Ten minutes later someone called me, not sure as yet how serious he thinks it is but he took some details and promised to get back within 15 minutes.

I await the next phone call…

UPDATE 26th January 2009

I was asked to email the windows support team with all the details. I got an email back saying they had contacted the customer of the other database and asked them to fix the security on their database. I can no longer see the other database.

Panic over and not a real problem for me but it leaves me with two questions:

  1. Should the hosting provider’s system let the customer open up the security of the database.
  2. How serious did the hosting provider take my concern.

The provider was eukhost.

Written by Richard on January 19th, 2010

Tagged with , ,

stop spam