Originally Posted by gmandas
Note: Yes; I know '%' is unsecure and adding skip-name-resolve is even more unsecure. I think we're OK since all DB access is done via canned queries in PHP apps.
Huh? Just because your PHP application is the only thing you
access MySQL with doesn't mean it's the only way anyone
can access MySQL. If you bind it to your public network interface, anyone can access it. Also, are you certain your PHP apps are written absolutely tightly and are not vulnerable to SQL injections? You could be one skiddie away from a trashed database.
Listen: There is a reason
why later version of MySQL and recent Linux distributions lock it down so much by default: It was previously very unsafe and very easy to exploit!
Essentially what you are all doing is removing all the security and making it exploitable again.
It's already been said once in this thread, but here's the solution: Use a VPN or SSH tunnel to access to box, then access MySQL locally without needing to bind it to external network interfaces.
Yes, this will even allow you to access it with the GUI tools from your desktop. You just need to setup a port-forwarded ssh connection to your database server and tell your GUI client to connect to the local port on your machine (the local side of the ssh port-forward).
Stop trying to defeat security that is there for a good reason. You should be working hard to find a secure alternative to what you're trying to do, instead of working heard to defeat the security.