[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] MYSQL Variables
- Subject: Re: [cobalt-users] MYSQL Variables
- From: "Danny Daniels" <dcd@xxxxxxxxxxxxxxxxxx>
- Date: Fri Apr 6 08:38:52 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> > I simply want to disable mysql from running a socket connection
> > on port 3306
> > or any other port !
>
> Uh, how are you going to connect to it if you disable the port? Unless
> you plan on grabbing it by its rear quarters and mounting it from behind,
> you are going to need a port. You don't have to accept the default; but
> it's a database SERVER application and by definition it binds to a port
> and accepts connections from CLIENTS, including PHP, and yes, even from
> localhost. It won't run at all if it can't find a port to bind to. MySQL
> gets very high marks consistently for their security and running MySQL as
> an unpriveleged user; and further availing yourself of MySQL's sensible
> grant table scheme, you can allow this without an unreasonable risk of
> compromise.
The difference here is that any connection made to the mysql socket will be
made internally (localhost)
There will be no outside application connecting to my DB. Because of this I
see no reason for this port to open.
I am missing something ?
Could an entry be made to /etc/hosts.deny (tcp-wrappers)
Now I have read mutliple secuitry posting elsewhere that suggest disabling
port 3306 to be a good idea.
"I just want to make I have all my ducks in row !"
> As has been mentioned on this list several times, tongue in cheek but
> nonetheless true, your security nightmare started when you hooked it to
the
> net.
Thats why I posted the question.
Also, thanks for posting back.
-Danny
dcd@xxxxxxxxxxxxxxxxxx