| 1 |
On Tuesday 29 April 2008 10:51:30 Peter Humphrey wrote: |
| 2 |
> Having just installed mysql on my server, I've found that I have to set |
| 3 |
> bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to |
| 4 |
> mysqld over the local network: leaving it at the default 127.0.0.1 causes |
| 5 |
> connection requests to be rejected. |
| 6 |
> |
| 7 |
|
| 8 |
Yes. because 127.0.0.1 is the address of the LOOPBACK interface. An INTERNAL |
| 9 |
only pseudo network interface. 0.0.0.0 means that the local socket will be |
| 10 |
bound to no specific interface, and thus will accept inbound connections TO |
| 11 |
any IP address configured on the system. |
| 12 |
|
| 13 |
> Is there a more secure value for this parameter? I want to be able to |
| 14 |
> connect over either of two network segments, 192.168.2.0/29 and |
| 15 |
> 192.168.3.0/29, as well as locally on the server box. I've tried a compound |
| 16 |
> setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the |
| 17 |
> only setting I've found so far that lets me in. |
| 18 |
> |
| 19 |
|
| 20 |
Sorry, the question doesn't make sense... The security for connecting to the |
| 21 |
database is performed elsewhere. Either using IPTables (And specifying who |
| 22 |
can connect), and/or userid's with passwords specified for explicit hosts |
| 23 |
(Read up on the grant syntax in the mysql manual for details of granting |
| 24 |
access and how to limit. |
| 25 |
|
| 26 |
I'd recommend BOTH iptable and limited userid's myself. |
| 27 |
|
| 28 |
Hamish. |
| 29 |
-- |
| 30 |
gentoo-user@l.g.o mailing list |
Archives