On Tuesday 29 April 2008 10:51:30 Peter Humphrey wrote:
> Having just installed mysql on my server, I've found that I have to set
> bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to
> mysqld over the local network: leaving it at the default 127.0.0.1 causes
> connection requests to be rejected.
>

Yes, because 127.0.0.1 is the address of the LOOPBACK interface, an INTERNAL
only pseudo network interface. 0.0.0.0 means that the local socket will be
bound to no specific interface, and thus will accept inbound connections TO
any IP address configured on the system.

> Is there a more secure value for this parameter? I want to be able to
> connect over either of two network segments, 192.168.2.0/29 and
> 192.168.3.0/29, as well as locally on the server box. I've tried a compound
> setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the
> only setting I've found so far that lets me in.
>

Sorry, the question doesn't make sense... The security for connecting to the
database is performed elsewhere. Either using iptables (and specifying who
can connect), and/or user IDs with passwords specified for explicit hosts
(read up on the grant syntax in the mysql manual for details of granting
access and how to limit).

I'd recommend BOTH iptables and limited user IDs myself.

Hamish.
--
gentoo-user@l.g.o mailing list
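
The two layers recommended in the reply (iptables plus accounts limited to explicit hosts), worked through for the two subnets in the question. This is an added example, not part of the original message; the account name appuser, the database appdb and the <password> placeholder are assumptions, and the script only prints the commands for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) firewall rules and MySQL account
# statements for the two subnets named in the question.
# Assumptions: DB_USER, DB_NAME and the <password> placeholder are hypothetical.
PORT=3306                      # MySQL's default TCP port
DB_USER=appuser
DB_NAME=appdb
SUBNETS="192.168.2.0/29 192.168.3.0/29"

# Convert a CIDR prefix length (e.g. 29) to a dotted netmask, because MySQL
# account host names take the form 'network/netmask', not 'network/prefix'.
prefix_to_netmask() {
    bits=$1
    mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$(($bits - 8))
        else
            octet=$((256 - (1 << (8 - $bits)))); bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    printf '%s\n' "$mask"
}

# Layer 1: packet filter. The ACCEPT rules must precede the final DROP.
emit_iptables() {
    echo "iptables -A INPUT -i lo -p tcp --dport $PORT -j ACCEPT"
    for cidr in "$@"; do
        echo "iptables -A INPUT -p tcp -s $cidr --dport $PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $PORT -j DROP"
}

# Layer 2: accounts that exist only for localhost and the allowed networks.
emit_grants() {
    set -- localhost "$@"
    for src in "$@"; do
        case $src in
            */*) host="${src%/*}/$(prefix_to_netmask "${src#*/}")" ;;
            *)   host=$src ;;
        esac
        echo "CREATE USER '$DB_USER'@'$host' IDENTIFIED BY '<password>';"
        echo "GRANT SELECT, INSERT, UPDATE, DELETE ON $DB_NAME.* TO '$DB_USER'@'$host';"
    done
}

emit_iptables $SUBNETS
emit_grants $SUBNETS
```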