
Restricting RDBMS network access

Posted Apr 5, 2013 12:14 UTC (Fri) by dskoll (subscriber, #1630)
In reply to: Restricting RDBMS network access by tialaramex
Parent article: A serious PostgreSQL security fix

> Except it seems the Java MySQL connector doesn't _do_ Unix sockets, so they have to talk TCP/IP anyway

On Debian at any rate, PostgreSQL listens on a TCP socket, but it's bound to 127.0.0.1 by default. Why can't MySQL do the same thing?


Restricting RDBMS network access

Posted Apr 5, 2013 12:48 UTC (Fri) by anselm (subscriber, #2796)

MySQL can do this in principle, but it's not completely trivial. You need to specify the host by IP address (127.0.0.1); if you just put »localhost« the client library will go for the Unix-domain socket even though it looks as if it is using TCP/IP.

The other problem is that the MySQL server will listen to either all of its host's IP addresses or else one single IP address. This means that if you configure it to listen on 127.0.0.1 you don't get to specify another address, e.g., of an internal »bridged« network for virtual machines. This is admittedly a minor inconvenience but still a hassle to work around.

Restricting RDBMS network access

Posted Apr 5, 2013 17:59 UTC (Fri) by dskoll (subscriber, #1630)

> You need to specify the host by IP address (127.0.0.1); if you just put »localhost« the client library will go for the Unix-domain socket even though it looks as if it is using TCP/IP

Not the Java library, surely, which only does TCP sockets?

> The other problem is that the MySQL server will listen to either all of its host's IP addresses or else one single IP address.

Well yes, that is a defect. But if MySQL already supports listening on two sockets (TCP and UNIX-domain) I can't imagine it would be that hard to modify it to support a list of bind addresses.
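
A check for the binding behaviour discussed in this thread, added here as an example and not written by any of the commenters: it classifies database listeners in `ss -H -ltn` output as loopback-only, bound to one non-loopback address, or bound to all interfaces. The sample output is constructed, and the port-to-service mapping assumes the default MySQL and PostgreSQL ports.

```python
import ipaddress

# Assumption: servers run on their default ports; adjust for your hosts.
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL"}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 244 [::1]:5432 [::]:*
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 151 192.168.122.1:3306 0.0.0.0:*
LISTEN 0 151 *:3306 *:*
"""

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'single-address' for a bind address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope, then IPv6 brackets
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-address"

def audit(ss_output):
    """Return (service, bind_address, scope) for every database listener found."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank or non-listening line
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DB_PORTS:
            continue
        try:
            scope = classify(host)
        except ValueError:
            scope = "unparsed"  # report it rather than silently skipping
        findings.append((DB_PORTS[int(port)], host, scope))
    return findings

def non_loopback(findings):
    """Listeners reachable from something other than the local host."""
    return [f for f in findings if f[2] != "loopback"]

if __name__ == "__main__":
    for service, host, scope in non_loopback(audit(SAMPLE_SS)):
        print(f"{service} listens on {host} ({scope})")
```

On a live host, feed it the real output, for example via `subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True).stdout`.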

