I heard that anyone who knows my MySQL username and password can access it, even if it's listening only on localhost.
Supposing my info is as follows:
USER: root PASS: 123456 Host: LOCALHOST (only)
How is it possible that anyone out there (local) can access it?
If clients encounter Too many connections errors when attempting to connect to the mysqld server, all available connections are in use by other clients. The permitted number of connections is controlled by the max_connections system variable. To support more connections, set max_connections to a larger value.
MySQL supports encrypted connections between clients and the server using the TLS (Transport Layer Security) protocol.
One means of restricting client use of MySQL server resources is to set the global max_user_connections system variable to a nonzero value.
If you restrict access from remote hosts to your usernames and passwords then someone won't be able to access the database externally.
You could also configure your firewall to only allow traffic to 3306 (MySQL Default Port) from the localhost machine.
Update
To set up your user so they can only access through LOCALHOST use:
GRANT ALL PRIVILEGES ON *.* TO db_user@'localhost' IDENTIFIED BY 'db_passwd';
GRANT ALL PRIVILEGES ON *.* TO db_user@'127.0.0.1' IDENTIFIED BY 'db_passwd';
Also, bind your MySQL server to the local address. You can do this by editing the [mysqld] section of my.cnf:
[mysqld]
bind-address = 127.0.0.1
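One way to check both settings from the answer above, as an added example that is not part of the original answer: it audits the [mysqld] section of a my.cnf text and a list of (user, host) rows such as SELECT user, host FROM mysql.user returns. The function names and the sample config and rows are constructed for illustration, and files pulled in by !include directives are not followed.

```python
import configparser

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def mysqld_options(cnf_text):
    """Parse the [mysqld] section of my.cnf text into a dict."""
    # configparser cannot read !include / !includedir directives, so drop them.
    lines = [l for l in cnf_text.splitlines() if not l.lstrip().startswith("!")]
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.read_string("\n".join(lines))
    if not cp.has_section("mysqld"):
        return {}
    # MySQL treats dashes and underscores in option names as equivalent.
    return {k.replace("_", "-"): v for k, v in cp.items("mysqld")}

def listener_findings(cnf_text):
    """Return a list of problems with how the server listens on TCP."""
    opts = mysqld_options(cnf_text)
    if "skip-networking" in opts and opts["skip-networking"] not in ("0", "off", "false"):
        return []  # TCP listener disabled; only the local socket is served
    bind = (opts.get("bind-address") or "").strip()
    if not bind:
        return ["bind-address not set in this file: MySQL's default listens on all interfaces"]
    if bind.lower() not in LOCAL_HOSTS:
        return [f"bind-address = {bind} accepts connections from other hosts"]
    return []

def remote_accounts(rows):
    """Return the (user, host) pairs whose host part allows non-local clients."""
    return [(u, h) for u, h in rows if h.lower() not in LOCAL_HOSTS]

# Constructed sample input: a weak config, the hardened one, and account rows.
WEAK_CNF = """
!includedir /etc/mysql/conf.d/
[mysqld]
port = 3306
bind_address = 0.0.0.0   # all interfaces
"""
HARDENED_CNF = "[mysqld]\nbind-address = 127.0.0.1\n"
SAMPLE_ROWS = [("root", "localhost"), ("root", "%"),
               ("db_user", "127.0.0.1"), ("app", "10.0.0.%")]

if __name__ == "__main__":
    for name, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(name, listener_findings(cnf) or "listener is local-only")
    print("accounts reachable remotely:", remote_accounts(SAMPLE_ROWS))
```

Accounts flagged by remote_accounts only matter if the listener is reachable, and a local-only listener does not stop a local web front end from relaying logins, which is the point the next answer raises.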
This is an older question that I stumbled across, but if Darkeden had phpMyAdmin or similar running, anyone can log in to that using valid MySQL credentials.
If it was compromised, then in addition to restricting connections, change all passwords.