What MySql server configuration settings should I choose? - mysql

I'm a student and I'm taking a database class. We are installing MySQL on our computers to gain familiarity with the product. As I'm installing this on my personal computer, I remember the professor saying something about disabling the TCP/IP connectivity for security purposes, but I can't remember the specifics, and when I set up my first local instance I chose to disable this option and selected the shared memory option (Windows installation). However, I was not able to connect to the server from my host.
Can anyone make some recommendations as to the appropriate connection options for me to choose when starting a server?
Thank you very much.

Related

How to share phpMyAdmin DBMS to another computer outside network (LAN)?

I am very new in this environment and currently having this difficulty to share my DBMS work to my teammates. Tried to find solutions but mostly it was a solution if it's from the same network. Is there any way (in details) how can I share it from outside network?
Try setting up a VPN/Proxy server on your LAN network and then your teammates will connect to that VPN/Proxy server externally for accessing the phpMyAdmin DBMS as a VPN or Proxy would simulate your teammates network connection to be as if they were on the same network as the phpMyAdmin DBMS, which is only accessible on LAN.
This will undoubtedly be the most secure method of connecting to the server and also without making too many changes to the configuration of the phpMyAdmin DBMS, which could be messed up in the process of modifying all the configuration files and be quite a hassle.

MySQL: how to collaborate remotely on a project

My friend and I have to do a project in MySQL and I am trying to find how my friend and I can work on MySQL together from our own workstations. Is there a way where we both can work on the same database together without being physically present?
I am fairly new to MySQL.
Just take cheap shared hosting that has MySQL databases and preferably also phpMyAdmin and cPanel or any other panel to easily manage your databases. That way, you have minimum hassle to create and manage databases that you can both access.
Google "compare cheap shared hosting" and that's it. Or take this quick Google result I got: https://www.pcmag.com/picks/the-best-cheap-web-hosting-services
If you're not happy to pay $1-$2 per month for hosting then you can install WAMP or XAMPP on a Windows machine, but then you'll also have to Google how to forward ports from your router.
Edited 3aug2020: For free MySQL hosting with up to 5MB of free storage, please check https://www.freemysqlhosting.net
You can use a program like XAMPP to host MySQL and port-forward phpMyAdmin so your friend can visit your db.
https://www.apachefriends.org/index.html
If you have MySQL running on a server or your local computer, you can both access phpMyAdmin (http://server-ip/phpmyadmin). You can also use programs like Navicat (paid) or HeidiSQL (free).
You can make the database remotely accessible, in which case your friend can connect and work on it as well.
Without knowing more about your network setup it is difficult to say how you should proceed, but generally it is enough to spin up a mysql-server instance on the host machine, then forward a WAN port to the LAN address and port of the host machine.

Connect to ONLINE MySQL database using DSN ODBC 2

I am facing this problem:
stackoverflow question
except my host doesn't seem to have cpanel. Since the answer given in the linked question is cpanel related it has not helped me. Is there anything I can do?
It seems you are trying to connect from a client machine located on your desk to a mySQL server instance located in a service provider's server farm. You're trying to use the ODBC "driver" for mySQL to do this, so you can look at your mySQL data with MS Access. (Right?)
You need to make sure this particular hosting service provider allows remote connections to their mySQL server instances. Some service providers, especially the lowest-cost ones, prevent these remote connections using firewalls or other network isolation techniques. (They do that because it's easier to control both security and performance when only their own web servers can connect to their mySQL servers.) If your service provider prevents all these connections as a matter of policy, you're going to need another service provider.
If they DO allow remote connections, you may need to enable those connections for your mySQL database. That's what the "cpanel" function mentioned in the other question is about. cpanel is a popular control panel web application offered by many commercial hosting service providers to allow self-service control by their customers. If your service provider doesn't use cpanel, you'll have to find out what they do use. Even if they do use cpanel, they may still not allow remote mySQL connections.
You will also have to make sure your client machine (the one running ODBC) and user have authorization in the mySQL user database.
You would do well to put in a service ticket to your service provider asking if they do offer remote mySQL access. If they say "yes," then you can ask them for advice and help on setting it up.
Keep in mind that opening mySQL server instances for direct connection over the publicly accessible internet is not ordinarily considered a good security practice. If the data in your database is in any way private (people's identity information, for example) you need to be very careful indeed.

Does phpMyAdmin pose security risk on production

The VPS I was using used to have phpMyAdmin pre-installation option but removed it stating it poses security risk. Does it?
If so do you recommend an alternative for browsing DB on production (other than running SQL commands in console)?
Any extra software you add to a system adds complexity. Complexity is the enemy of security.
PHP webapps are notorious for sloppy coding and certainly phpMyAdmin has had more than its share of security holes in the past. You can certainly mitigate the damage by e.g. putting it behind HTTPS with a client certificate, but that's not going to prevent cross-site-request-forgery attacks.
For a production machine, I'd really prefer to stick to the console.
It depends. If you can get all the access to phpMyAdmin through SSL only, and enforce strong password security on the web site, it can be secure.
Otherwise it's opening your entire DB server to the world in clean view.
1) Install classic phpMyAdmin
2) Add SSL to your phpMyAdmin
3) Add .htaccess and protect it with a password
More third-party software - more issues you can get. My recommendation is to use the mysql console on the VPS and deny outside connections to mysql with root rights.
I recommend setting up phpMyAdmin on your local box. Then set up an SSH tunnel to your production box and forward mysql's port to your local machine. Configure your local phpMyAdmin to connect to that forwarded port.
That is, if you really want to use phpMyAdmin.
There have definitely been security holes in the past. Probably will find new ones in the future. It's always a risk to open that kind of a tool to public web space.
I recommend installing database management software, and connecting to your production DB through an SSH tunnel. If you're on a Mac, I'd install Sequel Pro for free. On other platforms Navicat (and other similar software) is available, but it does cost money.

Remote (Non-LocalHost) MySQL Calls... Safe/Recommended for Management Purposes?

I'm new to MySQL and I'm using a desktop DB management app called "Querious" to simplify the process while I learn.
I want to work on (mainly just structure & basic population) a database that's hosted elsewhere, but the host won't allow any remote MySQL calls on their server.
What is their reasoning for restricting MySQL calls to localhost only? Is this a security or a performance concern?
This is a security concern. The idea is that if people can't remotely connect, they have to compromise the system. Not just the files that hold the database information.
You may be able to request that they just add your IP address to a trusted host file, but I doubt they'll do that either.
It's fairly common practice to not allow remote DB connections.
I've run into this problem with GoDaddy where they implement this by default. You can change this, however, by indicating that you want to allow remote access. If you've already created your DB, though, you can't change it, so I would recommend creating a new DB and deleting your other one.
The reason why is for security. If only your app can call your DB, you don't have to worry about other people trying to access it.
Distill,
An improperly-configured MySQL instance is dangerous, whether the user is remote or local. This could allow malicious attackers to cause crashes or remote execution of arbitrary code (i.e., owning the machine).
You can use PuTTY to create a tunnel if it's allowed by the server so that your application traffic goes through ssh and then is forwarded to the correct port on localhost.
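
The TCP-disabled and localhost-only setups discussed in these threads come down to two server options, `skip-networking` and `bind-address`. As an added example (not from any of the posts above), this Python code classifies a MySQL option file by its TCP exposure; the sample files are constructed, and it reads only the `[mysqld]` section of a single file without following `!include` directives.

```python
import configparser

# Constructed sample option files (not taken from the page).
EXPOSED = """\
[mysqld]
port = 3306
bind-address = 0.0.0.0
"""
LOOPBACK = """\
[mysqld]
bind_address = 127.0.0.1
"""
NO_TCP = """\
!includedir /etc/mysql/conf.d/
[mysqld]
skip-networking
shared-memory
"""

LOOPBACK_ADDRS = {"127.0.0.1", "::1", "localhost"}
WILDCARDS = {"*", "0.0.0.0", "::"}

def mysqld_options(text):
    """Return [mysqld] options with '-' and '_' treated alike, as MySQL does."""
    # '!include' / '!includedir' lines are not INI syntax; drop them first.
    body = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(body)
    if not cp.has_section("mysqld"):
        return {}
    return {k.replace("-", "_"): (v or "").strip()
            for k, v in cp.items("mysqld")}

def tcp_exposure(text):
    """Classify how the server described by an option file listens on TCP."""
    opts = mysqld_options(text)
    if opts.get("skip_networking", "off").lower() not in ("0", "off", "false"):
        return "tcp-disabled"      # only socket / named pipe / shared memory
    # Upstream default when bind-address is absent is '*' (all interfaces).
    addrs = {a.strip() for a in (opts.get("bind_address") or "*").split(",")}
    if addrs <= LOOPBACK_ADDRS:
        return "loopback-only"     # reachable locally or through an SSH tunnel
    if addrs & WILDCARDS:
        return "all-interfaces"    # relies on firewall and account host rules
    return "specific-interfaces"
```

A `loopback-only` result is the configuration the SSH-tunnel answers assume: the server accepts TCP only from the machine itself, and remote tools reach it through the forwarded port.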