Securing MySQL


#1

For whatever reason I can access mysql.(mydomain).com from any IP address whatsoever, not the limited list of IP addresses in the database security. Is there any way to limit access to mysql.?? Preferably my IP address.


#2

If you’re actually able to make queries to your database from non-allowed IP addresses, you should contact Support.

-Scott


#3

[quote]For whatever reason I can access mysql.(mydomain).com from any IP address whatsoever, not the limited list of IP addresses in the database security. Is there any way to limit access to mysql.?? Preferably my IP address.[/quote]
It sounds like you have an extra (…and quite probably unwanted) “%” character somewhere in the database user security, but obviously there’s no way to check that in these fora. I usually use another (very trusted) third party to have a peek when I have a screw-up like this.

If that’s not the case, you have an issue that needs to be directed to DH support and not here.


#4

First off, you’re using phpMyAdmin, and your SQL commands are coming from a DreamHost web server. If you’re using the mysql command line command, or anything else that actually runs from your computer, then you have a problem. Except you’re not, http://mysql.yoursite.com redirects straight back to a DreamHost web server.

Go to the Manage MySQL section of the web panel, find the database, click on each user associated with it. If you see a % sign on a line by itself, then everyone’s allowed to connect to that user. That’s bad, unless you’re the type of person who has a little business on the side selling credit card information (alas, devaluation of the SCC (stolen credit card) has rendered this business obsolete).

What consistently blows my mind is that every single goddamn piece of php/db driven stuff does db access wrong. If you’re making a store, you make ONE db user with read-only priv, or one that is restricted to only some tables (can you do that with DH? Or even MySQL? You definitely can with Oracle). Then you have another, scarier write user. You don’t keep that user’s password in the site. That way, when every single person who reads http://milw0rm.com sees that your cart software is listed, you don’t end up with some extreme (or negative) discounts on merchandise.

What am I doing here anyway - it’s my day off. Maybe I should go to bed…

My presence here indicates that I have failed to find amusement in ingrown toenail removal.
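
Added example, not part of the original thread: the wildcard-host check and the read/write account split described in post #4, written as MySQL statements for a server where you hold an administrative account (on a shared host the allowed-hosts list is edited in the panel instead). The database `shop`, its tables, the account names, the passwords and the addresses 198.51.100.20 and 203.0.113.10 are constructed placeholders.

```sql
-- 1. Audit: list accounts whose allowed host contains a wildcard.
--    In a MySQL account host, '%' matches any run of characters and
--    '_' matches one character, so a bare '%' admits every client address.
SELECT user, host
FROM mysql.user
WHERE INSTR(host, '%') > 0
   OR INSTR(host, '_') > 0
ORDER BY user, host;

-- 2. Narrow a wildcard account to one address. RENAME USER keeps the
--    account's existing privileges. 'shop_admin' is a placeholder name.
RENAME USER 'shop_admin'@'%' TO 'shop_admin'@'203.0.113.10';

-- 3. Read-only account for the storefront code. It may connect only from
--    the web server (placeholder 198.51.100.20) and may only SELECT from
--    the two catalogue tables, which are assumed to exist already.
CREATE USER 'shop_read'@'198.51.100.20'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_1';
GRANT SELECT ON shop.products   TO 'shop_read'@'198.51.100.20';
GRANT SELECT ON shop.categories TO 'shop_read'@'198.51.100.20';

-- 4. Separate write account. It is bound to the administrator's address
--    (placeholder 203.0.113.10) and its password is never stored in the
--    site's code or configuration.
CREATE USER 'shop_write'@'203.0.113.10'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_2';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.*
    TO 'shop_write'@'203.0.113.10';

-- 5. Verify what each account can actually do.
SHOW GRANTS FOR 'shop_read'@'198.51.100.20';
SHOW GRANTS FOR 'shop_write'@'203.0.113.10';
```

Rerun the query in step 1 after the changes; an account that still appears there accepts connections from more than one address.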