Can I connect to a remote MySQL db?


#1

Hi,

I’m in the process of moving a Mambo CMS site from 1and1 to Dreamhost. As this will mean some DNS repointing and propagation, I’d like the site to run from the existing 1and1 database until all propagation is complete. The site is a community site and the database in changing constantly.

However, attempts to link to the remote MySQL db in the Mambo config file don’t result in the site coming up. I know that the host, usr, and pwd details of the remote db are correct.

Is it just that these kinds of things aren’t generally allowed?

Cheers,
t


#2

They aren’t allowed because it’s a bid security risk.
You need to edit your users on the 1and1 account. You need to add your domain name/ip (if you have/know it) to the allowed access points. I don’t know if you can do this from your 1and1 panel having never hosted site with them.

But you can allow other sites to access your DH DB from the DH panel by going to Goodies->SQL->Edit User and adding the ips/hosts you would allow access to.


#3

Thanks for the info. I guess I don’t understand the risk - after all you need the db username/password/name etc. to gain access. In that sense it’s no more insecure than accessing a web control panel or FTP site…


#4

Well. If I could access your database from my home computer I could generate a script that brute forced your user/password. People generally include connection strings/information (minus password) which includes user name and where they connect to. So I only need to brute force the password. Of course it would appear on your logs and slow the server down when trying to connect so many times, but especially if using dictionary words as passwords I could just sit at home and access your db =). Control panels usually have some sort of flood control and protection. Maybe the dbs here do too?


#5

MySQL’s protocol is also not encrypted, so if you access it across the internet at large there’s a risk of sniffing both the data being slung back and forth as well as the login info.

That’s why we disable public access to customer databases by default. I imagine 1&1 does the same.

nate.