Message-ID: <481759EB.9040306@badapple.net>
Date: Tue, 29 Apr 2008 10:24:59 -0700
From: kashani
List-Id: Gentoo Linux mail
Reply-to: gentoo-user@lists.gentoo.org
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Network access to MySQL
References: <200804291051.30317.peter@humphrey.ukfsn.org>
In-Reply-To: <200804291051.30317.peter@humphrey.ukfsn.org>

Peter Humphrey wrote:
> Having just installed mysql on my server, I've found that I have to set
> bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to
> mysqld over the local network: leaving it at the default 127.0.0.1 causes
> connection requests to be rejected.
>
> Is there a more secure value for this parameter?
> I want to be able to connect over either of two network segments,
> 192.168.2.0/29 and 192.168.3.0/29, as well as locally on the server box.
> I've tried a compound setting in bind-address, but mysqld then refuses to
> start. 0.0.0.0 is the only setting I've found so far that lets me in.
>

I generally remove the bind setting so that MySQL listens on all IPs on
the box. You can then have firewall rules at your border or locally on
the box to control access to 3306. You can also set access on a per-user
basis within mysql:

GRANT CREATE,DELETE,INSERT,SELECT,UPDATE ON your_db.* TO 'your_user'@'localhost';
GRANT CREATE,DELETE,INSERT,SELECT,UPDATE ON your_db.* TO 'your_user'@'192.168.2.%';

and so on.

kashani
-- 
gentoo-user@lists.gentoo.org mailing list
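
The per-user host restriction described above, narrowed to the two /29 segments from the question, as an added example that is not part of the original message. The names your_db and your_user and the password are placeholders, and the host parts use MySQL's base_ip/netmask account notation (IPv4 only).

```sql
-- Added example (not from the original thread). Placeholders: your_db,
-- your_user, 'change-me'. Run as an account allowed to create users.

-- A /29 is netmask 255.255.255.248, so 192.168.2.0/29 covers
-- 192.168.2.0 - 192.168.2.7. The pattern '192.168.2.%' would instead
-- match every address in 192.168.2.0 - 192.168.2.255.
CREATE USER 'your_user'@'localhost'
    IDENTIFIED BY 'change-me';
CREATE USER 'your_user'@'192.168.2.0/255.255.255.248'
    IDENTIFIED BY 'change-me';
CREATE USER 'your_user'@'192.168.3.0/255.255.255.248'
    IDENTIFIED BY 'change-me';

-- Same privilege set for each permitted origin, limited to one schema.
GRANT CREATE, DELETE, INSERT, SELECT, UPDATE ON your_db.*
    TO 'your_user'@'localhost';
GRANT CREATE, DELETE, INSERT, SELECT, UPDATE ON your_db.*
    TO 'your_user'@'192.168.2.0/255.255.255.248';
GRANT CREATE, DELETE, INSERT, SELECT, UPDATE ON your_db.*
    TO 'your_user'@'192.168.3.0/255.255.255.248';

-- Audit: accounts whose host part contains a wildcard or is empty
-- accept connections from a wider range than a single network.
SELECT user, host
  FROM mysql.user
 WHERE INSTR(host, '%') > 0
    OR host = ''
 ORDER BY user, host;

-- Confirm what one of the new accounts can actually do.
SHOW GRANTS FOR 'your_user'@'192.168.2.0/255.255.255.248';
```

With bind-address removed or set to 0.0.0.0, these account rows only limit who can authenticate; the firewall rules on port 3306 mentioned in the reply still decide who can reach the listener at all.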