Is it better to allow external incoming TCP connections to MySQL 3306 or not?

[Smaily]

I have webserver offering domains, apache, mysql, mail.
Now some clients are interested in getting feature to be able to connect another server into my MySQL server.

I have no clue if that would eventually be a bad decision to allow TCP incoming to 3306 through firewall or not.

By my experience it has been a bad idea to do so. Any good or bads are welcome to discuss here?

 

[quizknows]

On cPanel systems, even if 3306 is open, remote connections are denied by MySQL itself unless you explicitly allow the remote IP permissions to access MySQL.

Usually I recommend keeping the port closed unless your host acts as a dedicated database server. Also, remote MySQL will be very slow unless the servers are connected together on a private network in the same data center.

 

[cPanelMichael]

Hello

Allowing inbound connections to port 3306 will allow remote servers to access MySQL on your system as long as their IP address is authorized. Sometimes end-users will need to access their database remotely if they are using a third-party application on their desktop, or if their website is hosted on another server.

Thank you.