Re: Remote MySQL connect

[Joe <joe@jretrading.com>]

marc wrote:
> What is the 'correct' way to configure MySQL for remote connections?
>
> The db in question is running fine and can be accessed via phpmyadmin, 
> amongst other things.
>
> The default my.cnf has:
>
>   bind-address - 127.0.0.1
>
> When I comment this out (and restart the db), I can connect remotely - 
> so user/password and privs are fine) but this leaves the db wide open.
>
> Say I want to provide remote access to 192.168.0.1. Can this be done via 
> MySQL's config or must it be done via the firewall and removing bind-
> address?
>
> The machine is not on a fixed IP.

I'd do it with the firewall, but MySQL has built-in provision for
client IP addresses. If you use phpmyadmin to look at privileges,
you'll see the users are all user@address entries, where address
is usually either localhost or %, the wildcard. It's possible to
create users that only have privileges from particular IP addresses,
where fred@192.168.0.1 has read privileges on all or just certain
databases, or just certain fields of certain tables of certain
databases, if you want to go that fine. fred@192.168.0.1 is a
completely separate user from fred@localhost, and may have a
different password, and certainly different privileges.

If you're coming in from outside, it's probably safer to tunnel
it over ssh and accept connections just from localhost, as now.
That way it doesn't care what IP address you're on, just whether
you have ssh credentials.