Peter Humphrey wrote:
Having just installed mysql on my server, I've found that I have to set
bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to
mysqld over the local network: leaving it at the default 127.0.0.1 causes
connection requests to be rejected.
Is there a more secure value for this parameter? I want to be able to
connect over either of two network segments, 192.168.2.0/29 and
192.168.3.0/29, as well as locally on the server box. I've tried a compound
setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the
only setting I've found so far that lets me in.

I generally remove the bind setting so that MySQL listens on all IPs on
the box. You can then have firewall rules at your border or locally on
the box to control access to 3306. You can also set access on a per-user
basis within MySQL:
GRANT CREATE, DELETE, INSERT, SELECT, UPDATE ON your_db.* TO
'your_user'@'localhost';
GRANT CREATE, DELETE, INSERT, SELECT, UPDATE ON your_db.* TO
'your_user'@'192.168.2.%';
and so on.
kashani
--
gentoo-user@lists.gentoo.org mailing list
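
Added example, not part of the original thread: a small Python audit that compares an account host pattern such as '192.168.2.%' with the two /29 segments from the question and lists the addresses the pattern admits beyond them. The matching function is a simplified model of MySQL's account-host matching for numeric client addresses (LIKE-style wildcards and the 'base_ip/netmask' form); the function names are made up for this illustration.

```python
import ipaddress
import re

# The two segments named in the question (local access is covered by 'localhost').
ALLOWED = [ipaddress.ip_network("192.168.2.0/29"),
           ipaddress.ip_network("192.168.3.0/29")]


def host_matches(pattern, client_ip):
    """Simplified model of how a MySQL account host value matches a client IPv4."""
    if "/" in pattern:
        # 'base_ip/netmask' form: match when client_ip & netmask == base_ip
        base, mask = pattern.split("/", 1)
        mask_int = int(ipaddress.IPv4Address(mask))
        client_int = int(ipaddress.IPv4Address(client_ip))
        return client_int & mask_int == int(ipaddress.IPv4Address(base))
    # Wildcard form: '%' is any run of characters, '_' is any single character
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, client_ip) is not None


def excess_hosts(pattern, universe):
    """Addresses in `universe` that `pattern` admits but ALLOWED does not cover."""
    extra = []
    for ip in ipaddress.ip_network(universe):
        if host_matches(pattern, str(ip)) and not any(ip in net for net in ALLOWED):
            extra.append(str(ip))
    return extra


if __name__ == "__main__":
    # Compare the wildcard from the reply with a netmask-form host value.
    for pat in ("192.168.2.%", "192.168.2.0/255.255.255.248"):
        extra = excess_hosts(pat, "192.168.2.0/24")
        print(f"{pat!r}: {len(extra)} addresses outside the intended /29")
```

With the wildcard, the account is reachable from the whole 192.168.2.0/24 range unless a firewall rule on port 3306 narrows it; the netmask form keeps the grant itself aligned with the /29.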