On Tuesday 29 April 2008 10:51:30 Peter Humphrey wrote:
> Having just installed mysql on my server, I've found that I have to set
> bind-address = 0.0.0.0 in /etc/mysql/my.cnf to enable me to connect to
> mysqld over the local network: leaving it at the default 127.0.0.1 causes
> connection requests to be rejected.
>
Yes, because 127.0.0.1 is the address of the LOOPBACK interface, an INTERNAL-only pseudo network interface. 0.0.0.0 means that the local socket will be bound to no specific interface, and thus will accept inbound connections TO any IP address configured on the system.

> Is there a more secure value for this parameter? I want to be able to
> connect over either of two network segments, 192.168.2.0/29 and
> 192.168.3.0/29, as well as locally on the server box. I've tried a compound
> setting in bind-address, but mysqld then refuses to start. 0.0.0.0 is the
> only setting I've found so far that lets me in.
>
Sorry, the question doesn't make sense... The security for connecting to the database is performed elsewhere: either using IPTables (and specifying who can connect), and/or userids with passwords specified for explicit hosts (read up on the grant syntax in the mysql manual for details of granting access and how to limit it). I'd recommend BOTH iptables and limited userids myself.

Hamish.
-- 
gentoo-user@lists.gentoo.org mailing list
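
The two layers recommended in the reply above (a firewall rule set plus accounts tied to explicit hosts), sketched for the two segments named in the question. This is an added example, not part of the original message; the database name appdb, the account name appuser, the password CHANGE_ME and the granted privileges are placeholders. The script only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example: prints (does not apply) firewall rules and MySQL account
# statements for a mysqld bound to 0.0.0.0. Review the output before use.
# appdb, appuser and CHANGE_ME are placeholders, not values from the thread.
MYSQL_PORT=3306
ALLOWED_NETS="192.168.2.0/29 192.168.3.0/29"   # the two segments in the question

# List the usable host addresses of a /24../30 IPv4 network (last octet only).
usable_hosts() {
    net=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 24 ] && [ "$bits" -le 30 ] || return 1
    prefix=${net%.*}; first=${net##*.}
    size=$((1 << (32 - bits)))
    [ $((first % size)) -eq 0 ] || return 1    # network address must be aligned
    i=$((first + 1))
    while [ "$i" -lt $((first + size - 1)) ]; do
        echo "$prefix.$i"; i=$((i + 1))
    done
}

# Layer 1: loopback and the allowed subnets may reach the port, the rest is dropped.
firewall_rules() {
    echo "iptables -A INPUT -i lo -p tcp --dport $MYSQL_PORT -j ACCEPT"
    for net in $ALLOWED_NETS; do
        echo "iptables -A INPUT -p tcp -s $net --dport $MYSQL_PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
}

# Layer 2: accounts exist only for explicit hosts, so a login from any other
# source address matches no account even if a firewall rule is wrong.
account_sql() {
    db=$1; user=$2
    for net in $ALLOWED_NETS localhost; do
        if [ "$net" = localhost ]; then hosts=localhost
        else hosts=$(usable_hosts "$net") || return 1
        fi
        for host in $hosts; do
            echo "CREATE USER '$user'@'$host' IDENTIFIED BY 'CHANGE_ME';"
            echo "GRANT SELECT, INSERT, UPDATE, DELETE ON $db.* TO '$user'@'$host';"
        done
    done
}

firewall_rules
account_sql appdb appuser
```

Because the rules are appended with -A, a broader ACCEPT rule already present earlier in the INPUT chain would still match first.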