I was wondering if there is a way to access a database service on a remote computer without having a webserver installed on that computer?
Does MYSQL DBMS provide some interface (port) which can be connected directly to, or is a webserver (that forwards the communication) mandatory?
MySQL can be access by default on port 3306.
Normally this port will be blocked by the firewall though, as it's not good practice to have your DB server accessible to the outside world.
If you want to access a remote database via the command line you can use the mysql client.
If you're doing this over the internet you should probably use a tunnel or VPN for security.
You can connect to MySQL using ODBC. Default Port 3306
As they said. You can connect with mysql using the (default por 3306). You may use mysql client, or the ODBC, JDBC, or ADO.Net interfaces. There are connectors for most of the main programing languages.
If you are looking for a user-friendly tool to use mysql like PHPmyAdmin you may like MYSQL GUI Tools
http://dev.mysql.com/downloads/gui-tools/5.0.html
Related
I'd like to know how to connect the client pc in a outside network for example a WAM network, i have my database in my pc and i use this like the server. I know how to connect mysql with another client computer inside the LAN network but i dont know how to do it like the other way.
if you don't understand something make me know.
PD: sorry for my english is my first question on a english forum
Ultimately it works exactly the same way - you need an IP address and a port to connect to your database on. You can either do this by setting up port-forwarding at the firewall on the network with the database server (basically, forward port 3306 to the LAN IP address), or by giving the database server a publicly available static IP and then opening port 3306 in any firewalls. Alternatively, you can set up a VPN to the network with the database server, and connect through this. If done right, the VPN option is much more secure.
However, you should ask yourself why you want to do this. Is your idea to have a client software that directly connects to the database? This is not a great design - it's usually better to have a backend database that is accessed via a frontend API (e.g. a RESTful API or similar). Among other benefits, this can give you much better (finer-grained) access control to the database.
Your MySql server should have a firewall rule to accept outside connection on MySql port (default is 3306). Best setup should allow connection from your clients WAN address only.
Then, your C# connector will be able to connect just the same as in LAN.
One of my small python web app hosts on GAE
but I prefer to change its database to Mysql.
GAE database is too special which rely on GAE and not good for future migration.
Can python app on GAE(google app engine) access Mysql server host on VPS/dedicated server?
(of course they are not in same local network with GAE)
if sure, what need to care(firewall, port policy and all others) for Mysql server being open to web?
Sure.
Open the single port needed (3306) inside your firewall of choice.
Always install relevant security updates to the mysql server software as soon as possible.
Create a new mysql user for access from your GAE instance.
Possibly restrict access for this user to one single IP inside of mysql.
(If this is true, you can also enforce it in your firewall of choice too, which hardens the access even more.)
Grant this user as less rights as possible inside mysql.
Simple question:
I use Sequel Pro to connect to my database in the cloud. If I use the "standard" connection method (over port 3306), is that secure, or will a packet sniffer be able to suss out my password? Should I only ever use "ssh" connections?
Thanks!
It's not default, but mysql does support ssl.
https://dev.mysql.com/doc/refman/5.5/en/using-encrypted-connections.html
So likely, yes, your credentials are flying around in plain text, and can easily be captured by a sniffer.
If you are unable to get your provider to configure mysql ssl, perhaps you can vpn first to the network where the mysql server lives, and then connect to 3306? Guess it depends on what options your provider gives you.
Hi Thanks for reading my question. I currently use Mac Terminal to use MySQL. I connect to either localhost or a remote server. Should I be using SSH?
You won't need SSH to access a DB on your local machine.
You can use SSH to access a remote DB using MySQL. You can also use an app with a GUI like Sequel Pro to access the remote DB via an SSH tunnel.
What specifically are you trying to achieve?
There is not enough information to answer your question.
Normally SSH tunnels are used more for adhoc work, while preserving high level of security (can be used in production, too).
MySQL normally uses unencrypted traffic, but it can be setup to use SSL, so that's another path you can take.
Other alternatives are VPNs, for example OpenVPN among other solutions, but this is more of an infrastructure decision.
EDIT: For completeness
On local machine clients can communicate with mysqld over socket or local IP. Normally it is not necessary to encrypt such connections.
For remote connections (which are over IP), as stated mysql uses unencrypted connection and FTP by default also uses unencrypted connection. This might or might not be a security risk (if that particular network segment is on its own VLAN or inside already encrypted tunnel or on physically secured network).
If unsure - encrypt it.
I want to try out some of the MySQL software, like Workbench, on the MySQL Db I develop on at work. After many failed attempts to make the connection, I finally asked one of the server admins if I was doing something wrong and was informed that the Db is behind firewall. So I can use phpMyAdmin, since it's installed server-side, but not Excel, Workbench, etc (from my machine).
So I would like to know if there is a fairly standard way to make a VPN-like connection to the server. Currently I use an SSH client to connect with no problem. But obviously that's not linking my local apps to the server. So can I make the connection in such a way that my whole system (so to speak) is considered signed on to the server? VPN is the closest analogy I can make, but that's not an option.
And....
Is that considered fairly "black hat" or is just something I don't know how to do but all the cool kids are doing it legitimately?
Thanks
This is simple using SSH tunneling. Simply do something akin to the following:
ssh -f username#your.remote.host -L 4040:your.remote.host:3306 -N
This does the following:
-f - forks SSH into background
username#your.remote.host - the user & host for SSH to connect to
-L 4040:your.remote.host:3306 - Listen for local connections on port 4040, and forward them via SSH to your.remote.host port 3306
-N - tells SSH not to issue a command on the remote host
You would then be able to connect to your mysql server (assuming the above ports are correct) using:
mysql --host=localhost --port=4040 --user=mysqluser -p
SSH tunnelling is excellent and can make life a lot easier.
The advantages are that it is all running over an encrypted port, 22, so the security is better and you can also compress the session, so over a slow network might see a bit of a performance improvement...
If you are using Windows, I would recommend puTTY which is available easily if you google it... Once connected, you can assign a local port which forwards to a port on the remote machine. In puTTY, this is in the Connection->SSH->Tunnels dialog.
I often use this for forwarding VNC - so if you have localport 5900 forwarding to the remote address 5900, you can connect to localhost:5900 as if you were connecting to the remote IP address.
It is also useful if there is a "hop" to a remote network - e.g. you aren't limited to forwarding to the ssh server you are connected to, you can also connect to other servers via the ssh server you are using.
Finally, I don't think that there is anything illegitimate about this option - you are using the ssh connection as intended and have been granted access to the server you are using. If anything, it is increased security...
Admins where I am have an Open-VPN that connect their personnal computer at home to servers at work, but it is used only for maintenance and 'emergency'.
I don't think it is good for security to have "holes" in the firewall, especially to a private place, where there is no firewall to protect your personnal computer.
These kind of practise is possible but has to be retricted to minimum