| |||||||||||||
Restricting RDBMS network accessRestricting RDBMS network accessPosted Apr 5, 2013 12:48 UTC (Fri) by anselm (subscriber, #2796)In reply to: Restricting RDBMS network access by dskoll Parent article: A serious PostgreSQL security fix
MySQL can do this in principle, but it's not completely trivial. You need to specify the host by IP address (127.0.0.1); if you just put »localhost« the client library will go for the Unix-domain socket even though it looks as if it is using TCP/IP. The other problem is that the MySQL server will listen to either all of its host's IP addresses or else one single IP address. This means that if you configure it to listen on 127.0.0.1 you don't get to specify another address, e.g., of an internal »bridged« network for virtual machines. This is admittedly a minor inconvenience but still a hassle to work around.
(Log in to post comments)
Restricting RDBMS network access Posted Apr 5, 2013 17:59 UTC (Fri) by dskoll (subscriber, #1630) [Link] You need to specify the host by IP address (127.0.0.1); if you just put »localhost« the client library will go for the Unix-domain socket even though it looks as if it is using TCP/IP Not the Java library, surely, which only does TCP sockets? The other problem is that the MySQL server will listen to either all of its host's IP addresses or else one single IP address. Well yes, that is a defect. But if MySQL already supports listening on two sockets (TCP and UNIX-domain) I can't imagine it would be that hard to modify it to support a list of bind addresses.
|
|||||||||||||