Can a computer be hacked using MySQL???

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am really a new person using MySQL. We are working on a project
using MySQL and Visual Basic and writing code to make GUI in Excel
using Visual Basic and getting data from connecting to MySQL.

We were also sharing the files in which we had written the code. The
file had all the information relating to connecting to MySQL database.
i.e. Password etc.

Few minutes later I saw that my mouse suddenly moved without me moving
it and some websites also got automatically opened.

What could have happened?
1) Could someone has hacked into my computer using MySQL if they know
my password and IP address?

2) Can there be any malicious code written in macro in excel?

3) Can anyone access my desktop and play with it (like remote login)
through MySQL, if they know my password and IP address?

4) Is there a way to know if someone logged into my computer via.

I really do not know anything about servers and other stuff.
Any help will be highly appreciated?

Please let me know what could have happened and how can I prevent it
in future.



Re: Can a computer be hacked using MySQL???

responding to wrote:
ashah  wrote:

Quoted text here. Click to load it

Don't ever post any real user names and passwords on the Net, that's like
a first rule of Net safety.

But even without knowing the passwords it's possible to use MySQL and
execute code on the computer that runs MySQL server. Search for "SQL
injection" - it's a pretty commonly known vulnerability. It's also pretty
easy to stop - properly escape all user input to inoculate possible
executable code they may be sending.

Anyhow, you'd need to stop sharing the passwords (and change all existing
ones!) before the input escaping can work. Otherwise they can still send
queries containing unescaped commands by avoiding your software that does
the escaping.

I'm not much of a Windows person and cannot say exactly what damage can be
done this way but if someone you don't trust is able to run commands on
your computer, all bets are off. You might as well just kill the entire
system and rebuild it from scratch.

Good luck!


Re: Can a computer be hacked using MySQL???

Quoted text here. Click to load it

Sharing how?  Via public web pages?  FTP?  Email?

Quoted text here. Click to load it

Logging in to a MySQL server doesn't move your mouse.  
Was that *physically* moving the mouse, or just the mouse pointer moved?

If your mouse is really a touchpad, funny things can happen with
static electricity.  Sometimes on my laptop, the touchpad works
funny until I touch something likely to be grounded.

Quoted text here. Click to load it

Static electricity?  Flies?  Cockroaches?  Your cat?  Someone tripped
over the mouse cord?

Quoted text here. Click to load it

Yes.  But if you have MySQL listening only on a local socket, it's
harder, unless you've also got a web site on that machine and they
broke into that.  And then, it's probably easier to just hack the
web site and forget MySQL, if the idea is to get desktop access.

Quoted text here. Click to load it


There would need to be some software on your desktop to do that.
Going through MySQL is probably not nearly as easy as going through
a web server.  MySQL doesn't have built-in functions like

Quoted text here. Click to load it

Did you have the log active?  If they got in through the web server,
there may be problems distinguishing between YOUR queries and the
legitimate ones.

Quoted text here. Click to load it

Don't share passwords.  Give each person his own.
Unless there is a good reason for it, have MySQL listen only on the
local socket so it can be accessed only from other programs on the
local server.  

Site Timeline