Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi I'm buildind a MySQL server and I've been following a tutorial to help me building it.
At certain point of that tutorial, after the server installation part, it is said:
Quote:
Now you need to configure MySQL to listen on all interfaces, not just localhost for this you need to edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1 save and exit the file.
#vi /etc/mysql/my.cnf
#bind-address = 127.0.0.1
I didn't understand quite well what is that for. Isn't my server get vulnerable by doing that?
MySQL is intended to be a database for many uses including some very intensive network ones where it may be connected to from many other machines.
If you are going to use it on a single machine then I would doubt there is any need to alter that line.
In fact, the whole line bind-address doesn't occur in my "my.cnf" and it works very well.
Depends I suppose where you got your mysql from. I've found that if you get a version that is in the repositories of your distribution - you don't say which you are using but I assume yours does - then the database is usually compiled to only work on one machine unless you have a need to specifically to open it up further.
As you rightly surmise, the more you open up the greater the risk.
the MySQL server is being created to run a forum database. And yes, I have used the MySQL server on my repositories, I'm using Debian.
So I think it won't be necessary to do that, because the forum users are not going to access the database itself from outside, they just post and the forum (which will be hosted on the same machine) will write on the database, am I right?
That's beyond my level of expertise, but I would have thought that with a forum members are going to be logged into your web server and interacting with the database through forum software - unless you are doing the whole thing yourself with php.
That may well mean only the local machine accessing the database but you'll have a whole lot of very limited mysql users to cater for.
I'd be interested to hear sometime if that surmise is right.
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
I think I'm not going to change it.
And yes, I am thinking like you: Users will login to my webserver and interact with the database via the forum software. No, I'm not doing php by myself, I'm using phpBB3. But in practice, what is going to access the database is the phpBB itself, and that is installed on the local machine, so the database access will only be local. It is even more secure.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.