Urgent Mysql distant connection problem

T

tdldp

Verified User
Joined
May 9, 2005
Messages
153
Hi folks,

i've got a great problem that i can't solve myself for moment...

Our server needs to allow distant mysql access to any hosts (as ip changes everyday at all of our clients) and i can't allow myself or our clients to add each day the access host in DA for each database.

Is there a way to grant access to all hosts by putting ie : *.*.*.* or something equivalent, or where must i make changes allowing this ???

Thks very much for your help

Tdldp
 
Do You have try to comment Skip Networking and bind function in your my.cnf ?
 
found solution..

Thks to my server provider solution was following :

In mysql users replacing host : localhost,
all u need to put is a : %
It gains access to all ip adresses...

Thks anyway titam ;)

Tdldp
 
In addition of the solution you found to login from *anywhere.
This is not a very recommended solution, it would be much safer if you insert the IPs which you need to grant access to the database instead of allowing the whole world granting access !

If a vulnabilty occurs in your MySQL version everyone can access your database and overflow the exploit.

EDIT: I now read the startpost more thorougher, and concluded you have to deal with a dynamic IP... MySQL also found a solution to solve this problem, you can add in the same table ranges of hosts.
For example: If your ip is always in the range 192.168.1.x you replace the % for 192.168.1.%, now all the hosts within the 192.168.1.x is granted in your database !

For more information regarding to this topic please goto:
http://dev.mysql.com/doc/mysql/en/connection-access.html

Of course the safety problem isn't solved what I mentioned earlier, but this is a much safer solution because you do not allow *anyone* to your database.
 
Last edited:
distant access security problem

Yes i pretty much agree with you on the security risk of granting such access...
To many users of DA, range should be limited to only a limited number of ip's.
The problem i have is that i need to grant more flexibility in access as our clients connect to the database, via a mysql lib, inside a software our company developped. Our clients ip vary very often, in several ranges of ip's we do not not...

It is not only 1.2.3.% that needs to be granted. we can have 4 . 5 . % . % , or even other adresses ... This is pretty much a problem as server admin, as i cannot reasonnably ask our clients to call us each time their ISP modifies his ip range to ad it in the DB hosts.... An update is made on daily basis of the clients database and website via the software, so the least worse solution is finally granting all host access...
A current developpement is on the go giving us a return on a weekly basis of all the ips used during the week. From this we might restrict access to certain range of ips... but this has still to be tested...
 
Some ISP's only change the IP address, not the hostname.
MySQL also gives you the option to setup the granting for hostnames, and here you can also work with the '%' sign.

For example: if your clients have the name nld.<changing number>.chello.nl and the complete ip address changes, but not the hostname you could use something like this: nld.%.chello.nl.

Security still remains an issue, and I understand in this case why it sometimes is impossible. But think to the other side, what if you machine got hacked ? All your user info is stolen and the database server is brought down ! Data has been destroyed by a vulnability of MySQL.
As said I admit it is a problem, but try to sieze it !
 
You must log in or register to reply here.
Back
Top