
Issue Why is it the default setting to allow remote connections to databases?

hschramm

Basic Pleskian
Hi,

Before opening a bug report, I want to know why it is the default setting of all databases / DB users to allow remote access in the Plesk UI. I know that by default the bind-address parameter of MySQL is set to localhost, but think about the following scenario:

- Let 100 Users create their databases not caring about the default setting "allow remote connections from all"
- The mysql bind-address param is set to localhost (so nobody has remote access to the mysql)
- One user wants to access his db from remote
-> you have to reconfigure the mysql bind-address to 0.0.0.0 (or comment it out)
- Now 99 Users have a broader security risk in getting bruteforced for their databases

From my understanding, the correct default value in the Plesk UI should be "only local connections".

Kind regards,
Holger
 
I don't believe this is actually the default setting. At least not on any of my Plesk installations. As @john0001 pointed out, you can change the default setting for remote access via Tools & Settings > Database Servers > Settings.

 
@hschramm The default MariaDB my.cnf setting is a bind to localhost only. So even if Plesk had it set to allow for all, the database should still remain inaccessible unless my.cnf is changed to bind = ::.
 
You should also have port 3306 blocked from 0.0.0.0/0 anyway. If you need remote access, do it over a secured tunnel.
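
The scenario from the first post, worked through as an added example (not part of the thread and not Plesk code): given the text of my.cnf and the `(user, host)` rows from `mysql.user`, it lists which accounts become reachable for remote login attempts once the bind address is opened. The function names and sample data are constructed for illustration, and a firewall in front of port 3306 is not modelled.

```python
import ipaddress

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def effective_bind(cnf_text):
    """Return bind-address from the [mysqld] section, or None if unset."""
    section, bind = None, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line[0] in ";!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower().replace("_", "-") == "bind-address":
                bind = value.strip("'\"")  # last occurrence wins
    return bind

def listens_remotely(bind):
    """True if the server accepts TCP connections on a non-loopback address."""
    if bind is None or bind in ("", "*"):
        return True  # no bind-address: the server listens on all interfaces
    if bind.lower() == "localhost":
        return False
    try:
        return not ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return True  # some other hostname: assume it is reachable

def exposed_accounts(cnf_text, accounts):
    """accounts: (user, host) rows, e.g. from SELECT user, host FROM mysql.user."""
    if not listens_remotely(effective_bind(cnf_text)):
        return []
    return [(u, h) for u, h in accounts if h.lower() not in LOCAL_HOSTS]

# Constructed sample data modelling the scenario from the first post.
LOCAL_CNF = "[mysqld]\nbind-address = 127.0.0.1\n"
OPEN_CNF = "[mysqld]\n# bind-address = 127.0.0.1\nbind-address = 0.0.0.0\n"
ALL_REMOTE = [(f"user{i}", "%") for i in range(100)]
LOCAL_DEFAULT = [(f"user{i}", "localhost") for i in range(99)] + [("user99", "%")]

if __name__ == "__main__":
    print(len(exposed_accounts(LOCAL_CNF, ALL_REMOTE)))   # bound to localhost
    print(len(exposed_accounts(OPEN_CNF, ALL_REMOTE)))    # bind opened for one user
    print(exposed_accounts(OPEN_CNF, LOCAL_DEFAULT))      # local-only default hosts
```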
 