* Andrew Boothman <[EMAIL PROTECTED]> [2004-01-23 03:28 +0100]:
> I've got a box that has several IP addresses assigned to it, but I'd 
> like MySQL to listen on just one of those.

You can add "bind-address=YOURIPADDRESS" to the [mysqld]-section of
my.cnf and then restart mysqld.

See http://www.mysql.com/doc/en/Server_options.html for a list of
configuration options like this.

But this might not be safe enough.  On some operating systems, arbitrary
users can still run a fake mysqld (Trojan horse) listening on
*:3306/tcp. At first view, this might not look dangerous, for the horse
will only receive connections on the other interfaces (e.g. lo), while
connections to YOURIPADDRESS go to the original mysqld. But:

If your original mysqld closes its service for some reason (e.g. logrotate),
1.) the horse will receive connections on the YOURIPADDRESS interface
    too, and thus get to know your mysql-users' passwords.
2.) the original mysqld might not come up again, unless it sets the
    SO_REUSEADDR socket option, which might not be the case for your
    binary distribution of mysqld.

Afaik, there is no native way to tell mysqld to listen on multiple (but
not all) interfaces.  Maybe it's a solution to bind mysqld to localhost,
forward a low port (that is: port number <1024) of the YOURIPADDRESS
interface to it and let your clients connect to that low port. This
would at least require the horse to have root privileges.

-- 
Johannes Franken
 
MySQL Professional
mailto:[EMAIL PROTECTED]
http://www.jfranken.de/
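
An added example, not part of the original message: a check an administrator could run to spot a listener on mysqld's port that is owned by some other account, whether it sits on the wildcard address beside the real mysqld or has taken over after mysqld stopped. It assumes the Linux /proc/net/tcp table layout as input; the sample table, the addresses and the uids (27 for mysqld, 1001 for another user) are constructed.

```python
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (addresses and uids are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A0200C0:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 11111 1 0 100 0 0 10 0
   1: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 22222 1 0 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1 0 100 0 0 10 0
   3: 0A0200C0:0CEA 0B0200C0:D431 01 00000000:00000000 00:00000000 00000000    27        0 44444 1 0 100 0 0 10 0
"""


def listeners(table_text):
    """Yield (ip, port, uid) for every IPv4 socket in LISTEN state."""
    for line in table_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or f[3] != LISTEN:
            continue  # established connections and short lines are ignored
        hex_ip, hex_port = f[1].split(":")
        # Assumption: little-endian host, so the address is stored byte-reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16), int(f[7])


def foreign_listeners(table_text, port, expected_uid):
    """Return (ip, uid) for listeners on `port` not owned by mysqld's account."""
    return [(ip, uid) for ip, p, uid in listeners(table_text)
            if p == port and uid != expected_uid]


if __name__ == "__main__":
    for ip, uid in foreign_listeners(SAMPLE, 3306, expected_uid=27):
        print(f"unexpected listener on {ip}:3306 owned by uid {uid}")
```

On a live host, pass the contents of /proc/net/tcp instead of SAMPLE and the uid of the account that runs mysqld.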
