• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

MySQL matters : external access

M

MaRiOs

Guest
By default u cannot log in sql with any external way like using MySQL Administrator cause u have to be like 'user@localhost' and it wont let u log in if you have something like '[email protected]' .

This can be changed manually from somwhere in the tables of plesk sql and let u login by any ip address u are.
But is that secure? or it will be dangerous for hackin in the server ?
(i'm thinkin if this is any vunerablity of plesk)

Has anyone test it here ?
 
Generally, it's a bad idea to allow connections from outside of the server, unless you need it. As with any type of external access, you are opening up another port/application for the bad guys to exploit. Do it on a case by case basis.
 
What do you mean by case basis ?
only for some specific accounts ?
 
So i want to change that.
I want all of my clients to be able to access MySQL from any ip they are.Full remote access.

1.Can i do that throught plesk ? enable i ?

2.I want to allow that to all the user except the Admin of mysql.
 
I think what he meant by 'case by case basis' is that as the hosting admin, you would need to evaluate each client's request to see if you really think it is necessary.

Giving *full* access from *all* ips will allow anyone in the world to get to your databases, of course they would need a valid user/pwd, but all it takes would be for one client to have a simple password which could be broken by a dictionary attack and you would then be in some serious trouble.

If you really insist on doing this, then read http://forum.sw-soft.com/showthread.php?threadid=22362
and then make sure your firewall is configured to allow the port (not blocked). Good Luck and remember, you have been forewarned of imminent danger!

Also, why would you want to give access to all users, but not the admin?

Plesk CP does not have this 'built in', you would need to modify the database as outlined in the other thread above.
 
Cause lets say that a simple user has a Myslq database for his own needs and he wants to do a backup of it everyday.

If the user has chrooted shell acces he cant use any msql backup commands.
how he will be able to do backups by his own ? and not having to trouble the administrator ?
is there any other way ?
 
I think its fair to say: yes!!! theres a lot of other more secure options...

If the user only needs access to MySQL from outside the box to make a backup heres a couple of suggestions:

1) use phpMyAdmin either through Plesk or install it seperately - then it's possible to dump the data through Apache/PHP which is most safe.

2) create a backup-script (either in PHP or could be a shellscript - runned by user with access to mysql commands - putting the backup in a users ftp-dir) that might do the same as the above mentioned.

3) give chrooted access to mysql

4) only open up outside access to that user from ONE ip - the ip of the server/computer the backup is taken from....

I could find more ways to solve your problem - but I think the above would do :)
 
Originally posted by serve-you.net
Generally, it's a bad idea to allow connections from outside of the server, unless you need it. As with any type of external access, you are opening up another port/application for the bad guys to exploit. Do it on a case by case basis.
Click to expand...

No, thats not a bad idea. It is very often used. For example
to sell content with MySQL-Accounts.
 
hi james,

Originally posted by jamesyeeoc
Giving *full* access from *all* ips will allow anyone in the world to get to your databases, of course they would need a valid user/pwd, but all it takes would be for one client to have a simple password which could be broken by a dictionary attack and you would then be in some serious trouble.
Click to expand...

I think, he does it by that way alike we also do it in our
editorial-office. I produce content (f.e. workshops, articles,
faqs, and so on). All this will be inputed into one central
database. And now this database must feed it to different
webpages. Some webpaes are already onto the same
server. But there are also other departments or other
companies who pay for each content.. Publishing one
article will then not only appear onto our magazine, it will
also appear onto other servers.

In such a case, you have to give the client an account to
access some special tables of a MySQL-database. A client
will have to connect from his server with his ip-number
111.111.111.111 to my MySQL-Server with ip-number
222.222.222.222.

So, Marios should read the MySQL-Handbook at
http://www.mysql.com

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>

Easy.
 
Hi editor,
Yes, I understand that it is a necessary thing for some domains. I just don't think it's a good idea for him to open up full access from "all IPs". I have no objections to opening up MySQL access from specific client IPs, I do that as well.

But I also put those client's who need external access onto a separate server (or dedicated hosting) to minimize the risks associated with it. If one client's box gets hacked, then it will have no impact at all on any other client. This is just my way of doing things with my clients, as always, each hosting admin has to make their own decisions for their business.
 
Has anyone tried Power Toys ???


they say they have MySQL Remote Admin User Manager .
This may let me have external access to SQL throught the panel.

Any one using these Toys ?
 
Originally posted by Whistler
I think its fair to say: yes!!! theres a lot of other more secure options...

If the user only needs access to MySQL from outside the box to make a backup heres a couple of suggestions:

1) use phpMyAdmin either through Plesk or install it seperately - then it's possible to dump the data through Apache/PHP which is most safe.
Click to expand...

This wont work cause phpMyAdmin lets u backup db that are 4 mb maximum,not any bigger ones :(
 
Originally posted by MaRiOs
This wont work cause phpMyAdmin lets u backup db that are 4 mb maximum,not any bigger ones :(
Click to expand...

Alter your settings in either phpmyadmin/config.inc.php or in php.ini on your system.

If I remember correct, it's a PHP default limit and it could be changed through php.ini

So yes, it's still an option just change the limits :)
 
I've checked both files u said and couldnt find anything at all :(
 
You must log in or register to reply here.

Similar threads

Daerik
Resolved Plesk Migrator Failing to Sync Database Records After Server Upgrade
Replies
8
Views
387
Maarten
M
Pentarou
Question Security Concerns
Replies
1
Views
9K
Kaspar@Plesk
Kaspar@Plesk
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
391
Leta
L
M
Issue Plesk Update 18.0.34 to 18.0.57 Database 'psa' not found
Replies
10
Views
2K
musa.sc
M
Y
Resolved SQLSTATE[HY000] [1045] Access denied for user 'es_fprkmvi'@'localhost' (using password: YES)
Replies
16
Views
14K
ynb.dev002
Y
Back
Top