• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue How to (simply) access mysql from remote (sorry..again)

X

Xavier123

New Pleskian
Hi everybody,
I search a lot but i don't find out what i'm doing wrong..

I have plesk 12 on Ubuntu 14.04.2 LTS
I have created a database with "allow connection from xx.xx.xx.xx and xx.xx.xx.xx"
In the firewall, i have for mysql "allow incoming from all".

Despite of this, i can't access remotely to the database.
What did i miss ?
Thanks for the help : i'm on this for hours now and can't understand why that's not working. :(

Xavier
 
Hi Xavier123,

the default setting is localhost ( 127.0.0.1 ) in your "my.cnf". If you would really like to change that ( not recommended! ), edit it to for example:

Code: 
...
[mysqld]
...
bind-address    = XXX.XXX.XXX.XXX
# skip-networking

... where "XXX.XXX.XXX.XXX" has to be your server-IP. Restart MySQL after the change.
 
Hi UFHH01,
I did this :
- modified the rules in firewall : Mysql autorize only one static ip, let'say 101.102.103.104
- Create a database with a user autorised on the same ip : 101.102.103.104
- modified my.cnf by replacing 127.0.0.1 by the ip of my server.

Now, if i try to telnet from an ip not autorized with "telnet xx.xx.xx.xx 3306", i have connection refused. If i try this with the autorized ip, it works.

A simple question : as you wrote me "it's not recommended", is there a security risk with this configuration ?
Thanks :)
Xavier
 
Hi Xavier123,

Xavier123 said:
is there a security risk with this configuration ?
Click to expand...
Without starting a discussion, the answer is certainly "YES". Even the fact that you limit the remote access to one or two IPs, your MySQL - server is now reachable from "outside". I don't want to frighten you, but pls. consider to Google "mysql" "remote access" "security risk" and as well, pls. ask yourself, why the standart configuration is set to localhost only.
 
In fact, my question could be more accurate : if i autorize only one ip to connect to mysql on 3306, all other ip will have a "connection refused". How the port could be then attacked ? The only thing i could see is a potential security risk if the computer using the autorized ip is infected by a malware or virus. It can help a lot if you can explain what is the real security risk (i google as you told me, but people says merely that if there is only an ip, the risk is more than to be in localhost but less than a CMS not updated with php files not up to date (Joomla, Wordpress, etc..)...
Please explain :)
[EDIT] : to complete this, why Plesk include this option if we should'nt use this for security risk ?? I don't understand...
 
You must log in or register to reply here.

Similar threads

S
Issue Access to a database from another plesk server
Replies
3
Views
392
mow
M
S
Question Plesk and MySQL Connectivity Issues with IP Address 192.168.0.1
Replies
2
Views
6K
sofiasovel
S
A
Issue Command Line Utilities: Cannot set ACL for MySQL User?
Replies
3
Views
434
EvgeniyKovrizhnikov
EvgeniyKovrizhnikov
llucas
Question Remote access to server database
Replies
0
Views
164
llucas
llucas
iain
Question PCI compliance - Postfix EXPN/VRFY issue
Replies
1
Views
188
iain
iain
Back
Top