MySQL connection for every host - mysql

I'm making a winforms app in vb.net that connects to a mysql database on my webserver to read and write data, this all works fine.
But i have to allow the users ip to remote connect to the database.
Is it possible to give everyone access to the database? The user account will not have all rights an the data isn't very important if it got lost.
The user account and connection details are hard coded.
I know this isnt secure but that doesnt really matter.

Yes, that's very well possible. In your mysql privileges table you'll have to grant a wildcard (%) host access to the user. Then in your VB.NET code simply use the address in the connectionString.

Yes, you can GRANT permissions on the database to the same user with wildcards in the host. More information here.
You can specify wildcards in the host name. For example, user_name#'%.example.com' applies to user_name for any host in the example.com domain, and user_name#'192.168.1.%' applies to user_name for any host in the 192.168.1 class C subnet.
The simple form user_name is a synonym for user_name#'%'.
That way every application connects to the database from random hosts and uses the same username/password in the connection string to authenticate, and MySQL will allow it because the host part of the permissions isn't explicitly specified.

But i have to allow the users ip to remote connect to the database.
Why?
Two other options:
1 - Expose the data as a web service. It's already on the web server...
2 - Build a web app instead of a desktop app.

Related

how to connect to azure database for mysql, from azure app service with wordpress docker image?

I have an azure app service, using the latest wordpress image from docker hub. The screenshot for the azure app service:
Then in the azure app service -> application setting, I added the following key/value pairs which will be used to connect Azure database for mysql:
WORDPRESS_DB_HOST
WORDPRESS_DB_NAME
WORDPRESS_DB_PASSSWORD
WORDPRESS_DB_USER
screenshot:
Inside my Azure database for mysql, I have enabled public access / allow public access from any azure service / also add my client ip and this ip range 0.0.0.0 - 255.255.255.255. I can access it from my client and create the database which will be used by azure app service. Screenshot like below:
in server parameters, I also turn off the require_secure_transport setting:
At last, I tried to launch the site, but it throws the error "Error establishing a database connection", screenshot below:
I'm new to wordpress / docker, and don't know how to fix this issue. I also reviewed some videos / docs, and didn't see any other configuration differences. Could you please guide me how to fix this issue? Thanks very much.
You received this error message.
Warning: mysqli_real_connect(): (HY000/1045)>: Access denied for user 'ivan'#'52.xx.xxx.xx' (using password: YES)
It means MySQL received, processed, and rejected your WordPress instance's attempt to connect. So you know the hostname is right and your cloud provider's firewall settings allow your WordPress instance to exchange network data with your MySQL instance.
What's wrong?
MySQL's user name / account name setup has a quirk. An account name can look like 'ivan'#'localhost' or 'ivan'#'%' (or even something like 'ivan'#'192.0.22.33').
The first of those only allows login from localhost (or via tunneling via ssh). The second allows login from '%', meaning any host. You need the second one for your WordPress instance to get access to MySQL.
When you're logged in to MySQL from your machine, do this.
SELECT host, user FROM mysql.user WHERE user='ivan';
You should see two rows, like these
host user
---- ---
% ivan
localhost ivan
It's possible the account with '%' as the host is missing. If so that means you need to create another MySQL account and give it access to your database. Do that like this.
CREATE USER 'ivan'#'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
Next, make sure the user account you just created -- the one your WordPress software will use to connect to MySQL -- has access to your database.
GRANT ALL PRIVILEGES ON wordpress.* TO 'ivan'#'%';
FLUSH PRIVILEGES;
If you still get the error message, it's possible the password on your 'ivan'#'%' account doesn't match what you put into your WordPress configuration. You can change it with
ALTER USER 'ivan'#'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
If it still gives the same error message, it's possible that your cloud vendor requires TLS to connect to MySQL. You may want to consult their support team about that.
(This is a common stumbling block setting up new WordPress instances.)
ok just to keep and make things clear. all IPs can connect to the DB but are you actually authorized to read/write date in the DB?
I.E. this might be a permission/privilege issue.
I suggest double checking user privileges and determine who can do what on your DB
Best Regards. :-)

mysql database allow external access from specific ip only ubuntu 16

I would like to allow one of my mysql database access from an external, however I would like to restrict it to be access from 1 ip only. Is there any way to do so:
only apply the setting to 1 database
only allow access to that database from a specific ip
My server is ubuntu 16.
thank you!
A MySQL user can be created for a specific origin address:
CREATE USER bob#'202.1.1.3' IDENTIFIED BY 'very very secure password';
GRANT ALL ON db.* TO bob#'202.1.1.3'
Provided no other GRANTS are given to db, then the bob user from '202.1.1.2' is the only allowed user.
Its generally more secure to give a ssh tunnel access, or access on a non-standard port however. Publicly accessible database servers will have their authentication brute forced.

Hosted MySql, Views, client Ipaddress change and Access Denied

I have a hosted MySql server with many databases each with many views. I access the server remotely from my office using HeidiSql.
Once in a while the IP address of my office changes. When this happens, I have to add the new office IP address to the server using cPanel and the "Remote MySql" tool so that I can remotely connect again.
However, all of the views have definer: USER#OLD_IP_ADDRESS. If I need to change a view, I get Access Denied. Up to now, I have been deleting the view (yes, i can delete the view) and recreating it, which makes the view's definer USER#NEW_IP_ADDRESS, and then I can edit the view -- until the Ip address changes again.
So, my question is: What is the best practice is an environment like this. Is there a way to define the views once and, without causing a security risk, be able to edit the views after an IP Address change.
Thanks for any guidance.
You could loosen the host in the MySQL user account a bit, according to the IP range of your internet provider. That way, you don't need to change it every time you get a slightly different IP:
user#123.456.789.%
user#123.456.%
This of course loosens the security in this account, but if your password is be a good one, it should not be too risky.
A better way is to make the MySQL server only accessible via SSH. In that case, your MySQL server can be set up using the --skip-networking option, as you always connecting from localhost. Your user account can be user#localhost or user#127.0.0.1, which then would solve your above mentioned problem for all times.
HeidiSQL also supports SSH tunneled MySQL connections, see here for some tutorial.

Preventing WAN access to a Database

How do I prevent WAN access to a particular database in SQLyog? I am able to grant full access to particular DB's, but not able to prevent them. I have a Web APP that runs on an internal server and accesses MySQL on the same server. I have created a SQL user with my workstations IP, but I am receiving access denied from dbconnect when I run the APP from my workstation.
Thanks,
Tony Cripps
MySQL does not allow connections from anything other than what you've specified. If you want to disallow access from a particular IP or network, then that mean that you've already gone and granted access to them.
Review the CREATE USER syntax, particularly the section on specifying hostnames.
Review the user accounts that you've already created:
SELECT user, host, password FROM mysql.user;
And then re-create them as necessary.
Other than than that, if you want to completely disallow WAN access then you should be looking at your firewall settings, not MySQL.

How to remotely connect to ClearDB in an Azure Website?

I have created a free Azure Website with Wordpress on it. A ClearDB mysql database was automatically created.
I want to remote connect to the DB using something like MySQL Workbench.
I used the credentials from the "View connection strings" in the azure portal dashboard, but there is an error connecting.
I read in some post that the db itself is hosted in azure cloud and thus can not be accessed.
Have anyone managed to administrate a DB like this ?
Mostly hoster don't allow an external connection with shared hostings.
When you use an outside client, your server has to be configured to allow this external connection.
Firewall rules :
You must to set password before make this, for security improvement.
You must to update firewall and make rules to open the mysql port (3306) on the server that is running the mysql database.
Set user IP :
Add an user account or replace ip address.
Adding users :
CREATE USER 'monty'#'localhost' IDENTIFIED BY 'some_pass';
GRANT ALL PRIVILEGES ON *.* TO 'monty'#'localhost'
Replace ip address (be careful don't use this on the root user) :
RENAME USER 'user'#'ipaddress2' TO 'user'#'ipaddress2';
To allow all ip replace ip adress by %.
See more :
Security Guidelines.
How to determine if a port is open on a Windows server? or www.portcheckers.com.
Yes, it is possible to administer your ClearDB MySQL database in MySQL Workbench. I have several Azure Wordpress sites that I connect to just as you describe -- create the Azure site, view Connection Strings, type those credentials into MySQL Workbench, and voila. #Yaron, Can you be more specific about what you've tried and maybe we can troubleshoot from there?