Re: binding mysql to localhost (I/O) [message #3029 is a reply to message #3026] |
Fri, 07 June 2002 18:07 |
hackie
Messages: 177 Registered: January 2002
Karma:
|
Senior Member Core Developer |
|
|
Ken Kizaki wrote on Fri, 07 June 2002 13:45 | Hi,
I have a question concerning the mysqld. I don't like that it's currently offering its services to all interfaces, so I'd like to bind the daemon just to localhost, so it won't be visible anymore inside of a network. I know that there's a commandline parameter capable of for doing this (mysqld --bind-ip=127.0.0.1) but this is quite inconvenient if I want to use the RH specific wrapper (safe_mysqld, kind of a shellskript) as it does not accept this parameter (else I had added it into the initscript). Is there a way to activate the bind feature from /etc/my.cnf ? I believe it should be possible but I haven't found something specific in the manpages.
bye
Ken
|
Actually there is a number of interesting options, first off all consider turning off mysql tcp/ip support entirly, and just using unix sockets /tmp/mysql.sock, that's certianly going to hide it from network, another option is to use your mysql's server's ip filtering capabilities, for example in linux
iptables -A input -p tcp -d ! 127.0.0.1 tcp --dport 3306 -j DROP
.
cc intelligence.c -o intelligence
$ ./intelligence
Segmentation fault
[Updated on: Fri, 07 June 2002 18:08] Report message to a moderator
|
|
|