From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Network access to MySQL
Date: Tue, 29 Apr 2008 10:24:59 -0700 [thread overview]
Message-ID: <481759EB.9040306@badapple.net> (raw)
In-Reply-To: <200804291051.30317.peter@humphrey.ukfsn.org>
Peter Humphrey wrote:
> Having just installed mysql on my server, I've found that I have to set
> bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to
> mysqld over the local network: leaving it at the default 127.0.0.1 causes
> connection requests to be rejected.
>
> Is there a more secure value for this parameter? I want to be able to
> connect over either of two network segments, 192.168.2.0/29 and
> 192.168.3.0/29, as well as locally on the server box. I've tried a compound
> setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the
> only setting I've found so far that lets me in.
>
I generally remove the bind setting so that Mysql listens on all IPs on
the box. You can then have firewall rules at your border or locally on
the box to control access to 3306. You can also set access on a per user
basis within mysql
GRANT CREATE,DELETE,INSERT,SELECT,UPDATE PRIVILEGES ON your_db.* TO
'your_user'@'localhost';
GRANT CREATE,DELETE,INSERT,SELECT,UPDATE PRIVILEGES ON your_db.* TO
'your_user'@'192.168.2.%';
and so on.
kashani
--
gentoo-user@lists.gentoo.org mailing list
next prev parent reply other threads:[~2008-04-29 17:25 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-29 9:51 [gentoo-user] Network access to MySQL Peter Humphrey
2008-04-29 13:15 ` Hamish
2008-04-29 17:24 ` kashani [this message]
2008-04-29 21:40 ` Mick
2008-05-03 8:25 ` Peter Humphrey
-- strict thread matches above, loose matches on Subject: below --
2009-01-28 16:13 [gentoo-user] Network access to mysql Peter Humphrey
2009-01-28 16:25 ` AllenJB
2009-01-28 16:28 ` Alejandro
2009-01-29 14:44 ` Peter Humphrey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=481759EB.9040306@badapple.net \
--to=kashani-list@badapple.net \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox