Re: [cobalt-users] MYSQL Variables
- From: Anthony <austservices@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun Apr 8 11:40:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 6 Apr 2001, Danny Daniels wrote:
> > > I simply want to disable mysql from running a socket connection
> > > on port 3306
> > > or any other port !
> >
> > Uh, how are you going to connect to it if you disable the port? Unless
> > you plan on grabbing it by its rear quarters and mounting it from behind,
> > you are going to need a port. You don't have to accept the default; but
> > it's a database SERVER application and by definition it binds to a port
> > and accepts connections from CLIENTS, including PHP, and yes, even from
> > localhost. It won't run at all if it can't find a port to bind to. MySQL
> > gets very high marks consistently for their security and running MySQL as
> > an unprivileged user; and further availing yourself of MySQL's sensible
> > grant table scheme, you can allow this without an unreasonable risk of
> > compromise.
>
> The difference here is that any connection made to the mysql socket will be
> made internally (localhost)
> There will be no outside application connecting to my DB. Because of this I
> see no reason for this port to open.
> Am I missing something?
> Could an entry be made to /etc/hosts.deny (tcp-wrappers)?
> Now I have read multiple security postings elsewhere that suggest disabling
> port 3306 to be a good idea.
> "I just want to make sure I have all my ducks in a row!"
I still think you have missed the point.
With MySQL there is no way to access the DBs with TCP Socket
connection. You need a port open somewhere so that even localhost can OPEN
a socket to the MySQL DBs. PHP and even mysql -u (username) -p database
cause a socket connection using TCP Socket.
As was stated earlier, you need a socket to connect to, but you don't have
to use the default port; you can change it to any other port you like.
Hope this helps a little better.
Me
>
> > As has been mentioned on this list several times, tongue in cheek but
> > nonetheless true, your security nightmare started when you hooked it to
> > the net.
>
> That's why I posted the question.
>
> Also, thanks for posting back.
>
> -Danny
> dcd@xxxxxxxxxxxxxxxxxx