1 |
Peter Humphrey wrote: |
2 |
> Having just installed mysql on my server, I've found that I have to set |
3 |
> bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to |
4 |
> mysqld over the local network: leaving it at the default 127.0.0.1 causes |
5 |
> connection requests to be rejected. |
6 |
> |
7 |
> Is there a more secure value for this parameter? I want to be able to |
8 |
> connect over either of two network segments, 192.168.2.0/29 and |
9 |
> 192.168.3.0/29, as well as locally on the server box. I've tried a compound |
10 |
> setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the |
11 |
> only setting I've found so far that lets me in. |
12 |
> |
13 |
|
14 |
I generally remove the bind setting so that Mysql listens on all IPs on |
15 |
the box. You can then have firewall rules at your border or locally on |
16 |
the box to control access to 3306. You can also set access on a per user |
17 |
basis within mysql |
18 |
|
19 |
GRANT CREATE,DELETE,INSERT,SELECT,UPDATE PRIVILEGES ON your_db.* TO |
20 |
'your_user'@'localhost'; |
21 |
GRANT CREATE,DELETE,INSERT,SELECT,UPDATE PRIVILEGES ON your_db.* TO |
22 |
'your_user'@'192.168.2.%'; |
23 |
|
24 |
and so on. |
25 |
|
26 |
kashani |
27 |
-- |
28 |
gentoo-user@l.g.o mailing list |