Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Do you allow remote connections on mysql?

Discussion in 'General Discussion' started by kieranmullen, Dec 12, 2006.


Doyou allow remote connections to mysql

  1. Yes on default port

    7 vote(s)
  2. Yes on alternate port

    1 vote(s)
  3. No

    10 vote(s)
  1. kieranmullen

    kieranmullen Well-Known Member

    Aug 25, 2005
    Likes Received:
    Trophy Points:
    Portland, OR USA
    Thinking of past sql issues worms etc...

    Do most hosts decide to only allow connections to mysql from localhost?

    I dont think many change the default port number. Although it might be a pin for clients, it could be an additional security measure.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    IMO, it's avery bad idea to leave port 3306 open to anyone to connect to. You expose the server to hackers through MySQL and allow clients to access (and abuse) MySQL databases on your server from sites hosted elsewhere.

    If you have to do it, I'd block the port in your firewall and allow through only specific IP addresses of known trusted users through port 3306.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Spiral

    Spiral BANNED

    Jun 24, 2005
    Likes Received:
    Trophy Points:
    There are a large number of concrete reasons for disallowing all external MySQL connections
    that touch upon security, network reliability, server performance, and latency issues.

    I could probably sit and write a 50 page essay on the topic here but I am very busy
    at the moment and really don't have the time.

    Just know that it is never a good idea to use remote MySQL databases or allow others
    to connect to your MySQL database remotely.

    Bad, bad, bad idea! ;)
  4. GCIS

    GCIS Active Member

    Dec 12, 2006
    Likes Received:
    Trophy Points:
    If you allow remote MySQL connections, you need to use a whitelist with a default deny configuration. Allowing remote connections only from trusted hosts does not present as large of a security threat as the community seems to believe, but nevertheless, it does increase risk, mainly in the event that an allowed host is compromised by a malicious third party.

    If remote connections are used only for a specific and limited purpose, then the best solution is to use a PHP or perl script to process requests from that host, and make appropriate database changes through that script. This prevents a comprimise of a remote system from giving the attacker full control over a MySQL user account. In addition, SSL can be used between the remote system and the main database when making HTTP transactions; this prevents the (unlikely) problem of a malicious user capturing traffic as it passes from one datacenter to the next.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice