Re: [cobalt-users] mySQL connection to remote computers

[Kris Dahl <krislists@xxxxxxxxxxxxx>]

on 5/18/00 1:04 AM, Mike Fritsch at mfritsch@xxxxxxxxxxxx wrote:

> I have a user who wants privileges on his MySQL database so that he can
> connect his computer to it. Anyone see any problems with that? Anyone have
> any users who do this?

Well, there are a couple of issues that need to be raised first and
foremost.

Before you let anyone have access to MySQL be sure that you have the latest
version--there are several major security fixes.

If you don't have a firewall, you should set up in like your hosts.deny file
to deny everyone coming in from the outside who is trying to access the
mysql port (or any port you're not going to use).  Make an except statement
for the localhost/server that is access MySQL on that machine

So then you'll just have to make an exception on the port, and then grant
the user the privilege to get access from a specific IP that he/she
provides.  I wouldn't give them % permission for the IP address, as it is
typically standard procedure to allow a strict number of IP addresses that
are acceptable.

Also, you may want to take into account the bandwidth effects.  It will add
additional bandwidth that probably won't show up on your reports... so if
you are metering it is something to consider.

-k