Do you allow remote connections on mysql?

Discussion in 'General Discussion' started by kieranmullen, Dec 12, 2006.

Do you allow remote connections to mysql?

  1. Yes on default port: 7 vote(s), 38.9%
  2. Yes on alternate port: 1 vote(s), 5.6%
  3. No: 10 vote(s), 55.6%

  1. kieranmullen

    Thinking of past sql issues worms etc...

    Do most hosts decide to only allow connections to mysql from localhost?

    I don't think many change the default port number. Although it might be a pain for clients, it could be an additional security measure.
     
  2. chirpy

    IMO, it's a very bad idea to leave port 3306 open to anyone to connect to. You expose the server to hackers through MySQL and allow clients to access (and abuse) MySQL databases on your server from sites hosted elsewhere.

    If you have to do it, I'd block the port in your firewall and allow through only specific IP addresses of known trusted users through port 3306.
     
  3. Spiral

    There are a large number of concrete reasons for disallowing all external MySQL connections
    that touch upon security, network reliability, server performance, and latency issues.

    I could probably sit and write a 50 page essay on the topic here but I am very busy
    at the moment and really don't have the time.

    Just know that it is never a good idea to use remote MySQL databases or allow others
    to connect to your MySQL database remotely.

    Bad, bad, bad idea! ;)
     
  4. GCIS

    If you allow remote MySQL connections, you need to use a whitelist with a default deny configuration. Allowing remote connections only from trusted hosts does not present as large of a security threat as the community seems to believe, but nevertheless, it does increase risk, mainly in the event that an allowed host is compromised by a malicious third party.


    If remote connections are used only for a specific and limited purpose, then the best solution is to use a PHP or Perl script to process requests from that host, and make appropriate database changes through that script. This prevents a compromise of a remote system from giving the attacker full control over a MySQL user account. In addition, SSL can be used between the remote system and the main database when making HTTP transactions; this prevents the (unlikely) problem of a malicious user capturing traffic as it passes from one datacenter to the next.
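
The allowlist with a default deny that chirpy and GCIS describe, as an added example that is not part of any post in this thread: a shell function that turns a list of trusted IPv4 sources into iptables rules for port 3306 and ends with a catch-all DROP. The addresses are constructed documentation-range samples, the function names are hypothetical, and the script only prints the commands (for the IPv4 INPUT chain) rather than applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) a default-deny allowlist for MySQL.
MYSQL_PORT=3306

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /1-32 prefix.
# A /0 prefix is refused because it would reopen the port to every host.
valid_source() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one source per line on stdin ('#' comments and blank lines allowed).
# Print one ACCEPT per trusted source, then the catch-all DROP for the port.
# On any invalid entry, print no rules and return 1 (no partial ruleset).
mysql_allowlist_rules() {
    rules=""
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$entry" ] || continue
        if ! valid_source "$entry"; then
            echo "rejected allowlist entry: $entry" >&2
            return 1
        fi
        rules="${rules}iptables -A INPUT -p tcp -s $entry --dport $MYSQL_PORT -j ACCEPT
"
    done
    printf '%s' "$rules"
    echo "iptables -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
}

# Constructed sample allowlist (RFC 5737 documentation addresses).
mysql_allowlist_rules <<'EOF'
192.0.2.10        # hypothetical trusted client
198.51.100.0/28   # hypothetical reporting hosts
EOF
```

Because the rules are appended in order, every ACCEPT is evaluated before the final DROP, so a source that is not listed never reaches mysqld on that port.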
     