We need to query and pull data from our client's remote PostgreSQL database and ultimately import it into a table in our MySQL database. Due to security concerns, our client is unwilling to open access via the default port 5432 so we can do this. We have considered possible setting up a PostgreSQL database on our end and trying to connect with that, but we don't know if that will give us any more flexibility.
The question is, is there an alternative port other than 5432 that we can have our client open up so we can access?
Configure PostgreSQL server to accept connections from a specific IP + authentication, without changing default port. This normally should be done even for local connections.
Configure router/firewall to do port forwarding (i.e. firewall:port9999 --> postgresql_server_ip:port5432) + add source_ip as another layer of "security"
Related
this might be a very rare usecase, but what I'm trying to do is:
Connect to a MySQL-Databse (of my website) from a PostgreSQL Database to create a foreign table that gets the website-user information from the MySQL Database.
So what I did so far is installed the MySQL foreign data wrapper (fdw) for PostgreSQL and tried setting up the foreign server. The problem is, the webhost only allows SSH access to the database while the mysql_fdw only accepts additional SSL parameters:
{ "ssl_key", ForeignServerRelationId },
{ "ssl_cert", ForeignServerRelationId },
{ "ssl_ca", ForeignServerRelationId },
{ "ssl_capath", ForeignServerRelationId },
{ "ssl_cipher", ForeignServerRelationId }
So my question is, can I somehow use my SSH login credentials (SSH user/pw or key pair) to generate the necessary SSL parameters?
Does anyone have a clue on how to achieve this?
Thanks and kind regards,
Michael
You almost certainly aren't accessing MySQL via ssh. What you are doing is accessing the server it is on via ssh and then connecting to MySQL. You might be doing this just by running the mysql command-line client or by forwarding a port to your local machine.
So - if you want to connect to MySQL from your PostgreSQL server it will need to be accessible from the internet. You should open up just PostgreSQL's IP address for MySQL's port on your firewall. Then, your GRANT statements on MySQL can the user login to that remote hostname too. Have a separate user just for this remote connection.
It might also be possible to require a known client certificate from the PostgreSQL connection. That will further secure access.
Now - it might be that you are on a service that doesn't allow remote MySQL access at all. In which case, you will either need to set up a permanent ssh tunnel (fiddly, can cause problems when intermittently connection drops) or push data from the mysql end.
Good afternoon, i have 2 PC's, where one is my WAMP server, with MySQL Database and so on. And the other i made a connection to my DB throw MySQL Connector ODBC Driver.
My doubt is if is there a way to block access of this second PC to my Server PC ?
I'm learning about MySQL control management, and i came across with this case, and i couldn't found an answer searching about this by myself.
No, there's no builtin mechanism in MySQL Server that detects that a connection attempt is from a MySQL Connector ODBC Driver, and blocks the connection.
It is possible to block connections to the MySQL Server, by setting up the appropriate user definitions in MySQL Server (entries in the mysql.user table).
In MySQL, a user is identified by a user name together with a host (either a DNS hostname or IP address, depending on whether we've specified skip-name-resolve option.)
If we setup MySQL users with wildcard hostname '%', then we are allowing TCP/IP connections from any host or any IP address.
If we remove user entries with a wildcard hostname, and instead create users with a more specific hostname (or IP address), then connections will be allowed only from the specified host/IP address. With a net effect of blocking connections from other hosts.
This topic is more fully addressed in the MySQL Reference Manual
https://dev.mysql.com/doc/refman/5.7/en/connection-access.html
Also, for TCP/IP connection attempts, a network firewall (for example, Iptables on Linux) can be configured to knock down connections before they are even seen by MySQL Server.
I setup a remote database server on digital ocean. I use this server to connect different VPS to this server and save the data separately. This works very well. But I do not know how to connect properly via sequelPro to this server now, as I needed to adjust the my.cnf file on the server to adjust the bind address.
When I set the bind_address to 127.0.0.1 I can connect perfectly well to the server via this config:
But if I do this, I cannot connect anymore to the remote server from my other droplet, as the server IP of the DB VPS is now set to 127.0.0.1 and not to the remote server IP address.
How can I fix this?
You can bind it to 0.0.0.0 which binds to all addresses. Change the default port number to something large that people would keep guessing and that should help.
Also security is determined by the way you harden your application which is your database server. As long as you have strong password that should take care of your security concerns.
Consider a MySQL server that accepts remote connections.
What happens if you have a publicly facing MySQL server, and grant access to e.g.:
'sqluser'#'localhost'
If an attacker now sets his rDNS to "localhost", will he able to access this database?
Is there an extra check that also tries to resolve the rDNS back to the IP?
Regardless, database servers shouldn't be internet facing, but this a what-if-question.
It appears that MySQL uses forward-confirmed reverse DNS (FCrDNS) to counter these kind of attacks.
Most of the logic for the hostname checks can be found in sql/hostname.cc. Moreover, several checks are also performed to make sure that the rDNS doesn't contain an IP or is otherwise poisoned.
I have Nginx+Passenger+Rails3.
Passenger throws the following error:
Can't connect to MySQL server on '184.169.131.xxx' (111) (Mysql2::Error)
I am able to connect to MySql using mysql command. I think that the user that is running Passenger doesnt have the permissions.
I want to know: How to determine which user is running passenger and how to give permissions to access mysql.
Thanks
If it can't connect, it's likely that either:
Your MySQL process is bound to 127.0.0.1 and can't accept connections from remote machines.
Your firewall has blocked port 3306.
Are you certain that mysql is connecting to the same remote? You might be running a local server instead that allows access with the default configuration.
As a note, opening up 3306 to the general internet is a bad idea, so you will want to be very selective in how you do this. The best practice is to use private IPs whenever possible, like 10.x.x.x, 172.16.x.x or 192.168.x.x. There are a number of reserved blocks which can be used safely, but these cannot be routed outside your local network.
You should also check that whatever config/database.yml settings you have defined are the same you're using with the mysql command-line tool. Passenger is not treated as a special case.