Requiring MYSQL passwords in Open Dental.

For complex topics that regular users would not be interested in. For power users and database administrators.
Post Reply
User avatar
Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Requiring MYSQL passwords in Open Dental.

Post by Justin Shafer » Wed Oct 16, 2019 3:11 am

Since I have been told that 99% or 98% of OpenDental customers don't have a mysql password set... :idea: I think OpenDental.exe should take notice of this and occasionally remind customers to set a mysql password.

I was told this was called "Password Stickyness".. or something...

Is this ever going to be completed? What is the status? :)

User avatar
cmcgehee
Posts: 711
Joined: Tue Aug 25, 2015 5:06 pm
Location: Salem, Oregon

Re: Requiring MYSQL passwords in Open Dental.

Post by cmcgehee » Wed Oct 16, 2019 9:08 am

I do agree we should do this. I've submitted a job to implement this.
Chris McGehee
Open Dental Software
http://www.opendental.com

User avatar
Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Re: Requiring MYSQL passwords in Open Dental.

Post by Justin Shafer » Sun Dec 01, 2019 7:40 am

Before ransomware starts gobbling data from mysql servers that it can easily access from a lan? Kinda far fetched but you never know as ransomware progresses.

Something to think about.

dqadri
Posts: 60
Joined: Mon Dec 24, 2007 10:55 pm
Location: Colonia, NJ
Contact:

Re: Requiring MYSQL passwords in Open Dental.

Post by dqadri » Mon Dec 02, 2019 4:03 pm

Recently I had an almost catastrophic loss of data because I was running MySQL 8 with an innoDB backend. The developers who helped to rescue me indicated that they had started discussions to migrate over to MariaDB?

One of the original issues I had with my mysql upgrade to v8 was enabling the legacy password option for mysql accounts for all incoming connections.
--
Danish Qadri, DMD

Lake Family Dentistry
296 Lake Ave
Colonia, NJ 07067

User avatar
cmcgehee
Posts: 711
Joined: Tue Aug 25, 2015 5:06 pm
Location: Salem, Oregon

Re: Requiring MYSQL passwords in Open Dental.

Post by cmcgehee » Mon Dec 02, 2019 5:09 pm

Dr. Qadri,

I'm glad it was "almost" and not a complete loss. We are currently at the research phase for migrating to MariaDB. We might decide not go through with it, or we might decide we'll support both MariaDB and MySQL going forward.
Chris McGehee
Open Dental Software
http://www.opendental.com

dqadri
Posts: 60
Joined: Mon Dec 24, 2007 10:55 pm
Location: Colonia, NJ
Contact:

Re: Requiring MYSQL passwords in Open Dental.

Post by dqadri » Mon Dec 02, 2019 6:27 pm

cmcgehee wrote:Dr. Qadri,

I'm glad it was "almost" and not a complete loss. We are currently at the research phase for migrating to MariaDB. We might decide not go through with it, or we might decide we'll support both MariaDB and MySQL going forward.
I had an unhandled exception during the database upgrade, which left my database in an unusable state. Unfortunately I didn't let the tech know that I was using InnoDB, and she tried to copy the backup MySQL database files to overwrite the current database files, which left me in a worse state because all of the internal references were off. I have now changed my backup protocol to dump the entire database in SQL.

I had upgraded after realizing that MySQL upgrades weren't a part of Open Dental upgrades and I was on the original DB from my initial install 5 years ago.
--
Danish Qadri, DMD

Lake Family Dentistry
296 Lake Ave
Colonia, NJ 07067

User avatar
cmcgehee
Posts: 711
Joined: Tue Aug 25, 2015 5:06 pm
Location: Salem, Oregon

Re: Requiring MYSQL passwords in Open Dental.

Post by cmcgehee » Tue Dec 03, 2019 7:38 am

Yeah, so few of our customers use InnodDB that our techs usually don't think to ask about it. We recently transitioned to InnoDB here at HQ, and it involved some difficulties for us as well.
Chris McGehee
Open Dental Software
http://www.opendental.com

User avatar
irfan
Posts: 216
Joined: Thu Oct 21, 2010 9:09 am

Re: Requiring MYSQL passwords in Open Dental.

Post by irfan » Sat Apr 04, 2020 6:23 am

I set up a demo dB on a cloud server I was testing. There was a prompt for a password but then I had service error so I didn’t actually set the password. Got MySQL running, forgot about the password and 9 hours later this demo dB was hit with ransomware asking for $359 in bitcoin. Luckily it was fake data, but ya this is a real threat. Plenty of bots out there pinging for open port 3306 and trying root/blank and then moving on to the next. Should absolutely be mandatory.

Post Reply