Ok so I've read this countless times that under Remote MySQL in your cpanel (I host with namecheap) that you shouldn't add 127.0.0.1 as a host to allow remote connection to your database since it could be a security risk.
However, I wanted to know if there is anyway I can connect to my MySQL database on my hosting server from my local machine.. instead of using the MySQL thing that comes with WAMP since I hate transferring databases back and forth after I develop for a week on my local machine. The data tends to not stay consistent over time and it gets tiring having to drop your database and reupload it with the newest tables.
So I was wondering if there was a way to allow this connection without exploiting a security risk? So I don't have to have two separate databases..? Unless it's safer to keep up with this practice..?
Thank you!
And I know the IP changes often on your machine (a dynamic IP I believe is what it's called) so is there anyway I can have an unlimited connection no matter if the IP changes?
I'm not sure why they would say not to add 127.0.0.1 - that's the local machine, which means that people from the outside can't access it. So you have skip-networking turned on and you're connecting through a local UNIX socket? Are you sure it didn't say not to add anything other than 127.0.0.1?
Do you have SSH access? If so, you can easily use SSH tunneling so that you'll only have to connect locally with a command like
ssh -L 3307:localhost:3306 -N yoursever.com
Then you connect locally on your home machine to port 3307 (you can make this 3306 but you said you develop your database locally as well, so in that case you'd need a different port). Then the packets go through SSH and magically appear at the database, looking as though they had come from the same machine. The security there is all done by SSH, which is great because it has "secure" right in the name, without opening additional ports (assuming that you have the SSH daemon running)
Related
is it possible to redirect entire mysql query to another server?
I've have many apps in differents server that comunicate with a single database (windows machine).
For transfer database (to a linux server) without change any IP inside many many php files (there are a lot of things that i don't know because is not my creation but is my legacy) there's something i can do?
Proxy?port forwarding?
Afaik, mysql implementations don't offer this functionality, however, you can "proxy" connections using an ssh tunnel like this:
ssh -N ssh-user#host.domain -L 3306:127.0.0.1:3306
This requires an ssh-server on the host that serves the mysql (on port 3306) and you having ssh-access to that machine. You run the command on the machine your php is excecuted from, then you can, as long as it runs, access the mysql host on "localhost". All requests will be securely tunneled to the remote mysql server.
The -L switch instructs ssh to forward tcp connections on local port 3306 to port 3306 on the machine you ssh to.
The -N switch instructs ssh to do just that and not run a command.
If you add the -f switch, the command will immidiately fork into background, which may be useful for this usecase.
You probably also want to use passwordless ssh
However, this is probably not a clean solution for production. I use this method only for development purposes and I'd suggest you fix your codebase on the long run (i.e. put your mysql configuration in a central place).
I used to run a mysql server on a box where clients would connect to localhost (/var/lib/mysql/mysql.sock), but have subsequently moved the MySQL server to dedicated hardware.
To date, I have successfully been able to use both socat and mysql-proxy to make /var/lib/mysql/mysql.sock forward to the remote server, but I wonder what other options are availble, ideally something that can implement caching would be desirable. I played around with ProxySQL but realised that wasn't for me, as it would need a list of all users.
As mysql-proxy was only ever declared alpha I'd like to use something else.
About 2-3 weeks ago I stopped using phpmyadmin and started using MySQL Workbench. Now, I can't connect to phpmyadmin. I tried connecting from two different computers and from the server. Tried connecting with at least 4 users and root. I am suspecting that this is Workbench's fault. During the time I used Workbench I made some changes to user privileges, but don't remember the specifics. I get "Wrong username/password".
Any thoughts ?
Looks like some of the comments have been deleted, but judging by what's left there was a suggestion for you to check your permissions for your user with hostname localhost, and it appears you did not understand that % is not the same as localhost. Many installations come with several root users, one for host localhost, one for host %, and sometimes a third for 127.0.0.1. This is normal and part of how MySQL handles permissions. TCP/IP connections match %, socket connections do not (they use localhost).
Another thing that's important to realize is that, when using phpMyAdmin, it doesn't matter what client machine you're using; what matters is what machine is the web server, since that's where the requests to MySQL come from. So you can easily get a bit confused if using a remote machine to connect to a web server running on the same machine via sockets to the MySQL server -- even though you're on a remote machine from the MySQL server, in this case it appears as a localhost connection to MySQL.
Anyway, very likely what happened was you were "cleaning up" extra users and removed one that had the opposite host value (either % or localhost); I'd simply recreate your user with the other host. That should clear it up for you.
Due to security considerations from my provider, I am not able to MySQL Workbench to connect to my database. The only way to access my database is to use phpmyadmin. Because I'm used to use MySQL Workbench and their tools, it is for me much easier to maintain my database. Using phpmyadmin is annoying, so I'm googeling a solution to use anyway MySQL Workbench. Is there a way to break this security consideration or to connect MySQL Workbench through phpmyadmin to gain access to the database?
If your hosting provided did it recently then I am pretty sure it is must be a response to this terrible security flaw discovered in mysql last month. The attack is as simple as running that one line shell command.
Not all OS/MySQL combinations are vulnerable. In case your hosting company was, then for a few moments - all customers
logins were at stake (including the root login).
To answer your question, unfortunately you can not do much in this case. You cannot do any port forwarding tricks even if you have shell(ssh) access because normally port forwarding isn't allowed in shared hosting environments.
In case you want to try, you can run this command on a unix box
$ ssh -L 3306:localhost:3306 username#yoursite.com
If you can login and don't see any errors related to port forwarding, perhaps your can direct your workbench to localhost on port 3306 and theoretically it should work.
If you are using windows you can use putty to do port forwarding as described here.
I think no. Only changing table Users in MySQL you can access from other IPs and hosts. And this table is not accessible by other users.
We have a fairly simple M$ Access db, split into front-end (forms, reports, etc.) and back-end (tables). Currently looking for a way to get the tables with all the critical data off of one desktop and hopefully into a MySQL database on our web host, and be able to connect to it from multiple PCs (still probably only one or two people connecting to it at any give time), and eventually, hopefully, migrate to a web application when time allows. Many of the examples I've read about people connecting an Access db front-end to a MySQL back-end seem to imply that they are doing so on a LAN, probably behind a firewall, etc.
Is it at all safe to connect a M$ Access front-end to a MySQL backend when that mysql server is running on a remote web host? Does the ODBC connector take care of encryption?
TIA,
Monte
You could use putty to mount a ssh tunnel to your mysql server and redirect the remote mysql port to your machine.
Using putty is pretty straightforward:
Give it your mysql server dns name as the host and go to "Connection/SSH/Tunnels", there you define the local port to connect in the "Source Port" field (e.g. 3307).
In the the "Destination" field put the dns name of your mysql server followed by a colon and the port mysqld is running in (e.g. mysql.example.org:3306).
Save this as a profile then connect and the remote mysql port will be availbable locally on port 3307.
Just make sure you restrict the user because by default he will have an ssh shell on the server.
Setting up key authentication would also be practical because you won't have to enter a password to connect to the server (but be sure to protect your key on disk by encrypting it).
EDIT: It seems the mysql odbc connector support ssl, you could use that too but I'd personnally choose to use SSH anyway as you will have it already on your mysql server.