Joe said... > marc wrote: > > What is the 'correct' way to configure MySQL for remote connections? > > > > The db in question is running fine and can be accessed via phpmyadmin, > > amongst other things. > > > > The default my.cnf has: > > > > bind-address - 127.0.0.1 > > > > When I comment this out (and restart the db), I can connect remotely - > > so user/password and privs are fine) but this leaves the db wide open. > > > > Say I want to provide remote access to 192.168.0.1. Can this be done via > > MySQL's config or must it be done via the firewall and removing bind- > > address? > > > > The machine is not on a fixed IP. > > > > I'd do it with the firewall, but MySQL has built-in provision for > client IP addresses. If you use phpmyadmin to look at privileges, > you'll see the users are all [EMAIL PROTECTED] entries, where address > is usually either localhost or %, the wildcard. It's possible to > create users that only have privileges from particular IP addresses, > where [EMAIL PROTECTED] has read privileges on all or just certain > databases, or just certain fields of certain tables of certain > databases, if you want to go that fine. [EMAIL PROTECTED] is a > completely separate user from [EMAIL PROTECTED], and may have a > different password, and certainly different privileges.
I understand how users and privileges work, but to do what you suggest must I remove bind-address from my.cnf? There is scant documentation on bind-address - the 1,400-page ref has six words: "The IP address to bind to", which is neither English nor very useful. If I can safely remove bind-address and manage access via user privs, then that's fine, it's just that I can't make head nor tail of it from the docs. > If you're coming in from outside, it's probably safer to tunnel > it over ssh and accept connections just from localhost, as now. > That way it doesn't care what IP address you're on, just whether > you have ssh credentials. Yes, but for admins coming in via M$ tools that's not yet the main priority. But I do concur ;-) Thanks, -- Best, Marc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
