Securing the Database

Forum for questions and support relating to the 1.28.x releases only.
Post Reply
Posts: 90
Joined: Fri Jul 31, 2015 7:56 pm

Securing the Database

Post by Zmjm15 » Thu Sep 03, 2015 10:46 pm

Hi guys,

I was just looking around the zm config files, and just saw in the zm.conf that the sql db details are as follows;

# Username and group that web daemon (httpd/apache) runs as

# ZoneMinder database type: so far only mysql is supported

# ZoneMinder database hostname or ip address

# ZoneMinder database name

# ZoneMinder database user

# ZoneMinder database password

# Host of this machine

Is this secure, can i change this? If so what else do i need to change? As im guessing that all ZM installs have these same credentials?

Many thanks

Posts: 2307
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: Securing the Database

Post by bbunge » Fri Sep 04, 2015 12:05 am

Secure? Sure if your MySQL server access is restricted to localhost for the user zmuser and the rest of your server has not been hacked. I'm sure there is someone who could make short work of getting into just about any server.

I might say don't worry, be happy and get rid of your paranoia.. But as Ronny Regan said..."trust but verify"...

Posts: 90
Joined: Fri Jul 31, 2015 7:56 pm

Re: Securing the Database

Post by Zmjm15 » Fri Sep 04, 2015 1:28 am

Just checking....

So is the db user access restricted to local user by default?

Also while we're on the subject,

Is there any chance of malicious input being used to hack the database from the login page (cross site scripting etc)?

Many thanks

Posts: 4
Joined: Sun Jul 30, 2017 9:06 pm

Re: Securing the Database

Post by gipsea » Sun Jul 30, 2017 9:14 pm

Hi there,

although few years after I still have a similar issue.

In other terms I've different web applications running on my server and MYSQL has the securyty option about password (don't remember the exact package name)

Is there any way like this to customize the zm.conf file before install the package?

The only think I can come up with is to download the .deb, edit the specific file and than install the updated .deb.

It is possible?

Is there any way to install using a specific zm.conf file overriding the default one?

Thanks for your help

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests