Do you allow remote connections on mysql?

Doyou allow remote connections to mysql

  • Yes on default port

    Votes: 7 38.9%
  • Yes on alternate port

    Votes: 1 5.6%
  • No

    Votes: 10 55.6%

  • Total voters
    18

kieranmullen

Well-Known Member
Aug 25, 2005
165
0
166
Portland, OR USA
Thinking of past sql issues worms etc...

Do most hosts decide to only allow connections to mysql from localhost?

I dont think many change the default port number. Although it might be a pin for clients, it could be an additional security measure.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
IMO, it's avery bad idea to leave port 3306 open to anyone to connect to. You expose the server to hackers through MySQL and allow clients to access (and abuse) MySQL databases on your server from sites hosted elsewhere.

If you have to do it, I'd block the port in your firewall and allow through only specific IP addresses of known trusted users through port 3306.
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
There are a large number of concrete reasons for disallowing all external MySQL connections
that touch upon security, network reliability, server performance, and latency issues.

I could probably sit and write a 50 page essay on the topic here but I am very busy
at the moment and really don't have the time.

Just know that it is never a good idea to use remote MySQL databases or allow others
to connect to your MySQL database remotely.

Bad, bad, bad idea! ;)
 

GCIS

Active Member
Dec 12, 2006
26
0
151
If you allow remote MySQL connections, you need to use a whitelist with a default deny configuration. Allowing remote connections only from trusted hosts does not present as large of a security threat as the community seems to believe, but nevertheless, it does increase risk, mainly in the event that an allowed host is compromised by a malicious third party.


If remote connections are used only for a specific and limited purpose, then the best solution is to use a PHP or perl script to process requests from that host, and make appropriate database changes through that script. This prevents a comprimise of a remote system from giving the attacker full control over a MySQL user account. In addition, SSL can be used between the remote system and the main database when making HTTP transactions; this prevents the (unlikely) problem of a malicious user capturing traffic as it passes from one datacenter to the next.