Gentoo Forums
Closing mySQL port 3306, but keep webserver functioning?
OdinsDream
Veteran


Joined: 01 Jun 2002
Posts: 1057

Posted: Tue Dec 10, 2002 11:18 pm    Post subject: Closing mySQL port 3306, but keep webserver functioning?

Is it safe to close TCP port 3306, used by mySQL, and still have PHP pages served by apache able to query the local database?

I'd like to secure things as much as possible on the system, and if I don't need that port, how can I close it?
klieber
Bodhisattva


Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA

Posted: Tue Dec 10, 2002 11:37 pm    Post subject: Re: Closing mySQL port 3306, but keep webserver functioning?

OdinsDream wrote:
Is it safe to close TCP port 3306, used by mySQL, and still have PHP pages served by apache able to query the local database?

Assuming you're using iptables, you can block all external connections to the mysql port, but still allow localhost (127.0.0.1) connections. Then, in your php pages, configure your mysql server as 'localhost' and you should be good to go.

--kurt
_________________
The problem with political jokes is that they get elected
rac
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

Posted: Tue Dec 10, 2002 11:44 pm

Similar incantations can be used with /etc/hosts.deny and /etc/hosts.allow, assuming mysql is compiled with tcpwrappers support. A more drastic solution is to add "skip-networking" to the server part of my.cnf, which will only allow connections through the local FIFO. This was the default last time I checked for Debian. Then the question would be whether you could get PHP to connect via this socket. The mysql command-line client can.
_________________
For every higher wall, there is a taller ladder
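
The two approaches from this thread (klieber's loopback-only iptables rules and rac's skip-networking in the server part of my.cnf), written out together with a check that port 3306 is no longer exposed. This is an added example, not part of any poster's reply; the function names and sample inputs are constructed, and the listener check assumes the column layout of `ss -ltn` output.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# iptables approach: accept 3306 on the loopback interface, drop it elsewhere.
# Needs root, so it is defined here but never called. Rules are appended (-A),
# so an earlier ACCEPT rule in INPUT would still win.
mysql_fw_rules() {
    iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3306 -j DROP
}

# skip-networking approach: read a my.cnf on stdin and succeed only if the
# [mysqld] section contains skip-networking. Commented-out lines and other
# sections such as [client] do not count.
has_skip_networking() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_srv = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_srv && /^[ \t]*skip[-_]networking[ \t]*$/ { found = 1 }
        END           { exit(found ? 0 : 1) }
    '
}

# Verification: read `ss -ltn` output on stdin and print every local address
# listening on 3306 that is not loopback. No output means nothing is bound
# to a reachable address.
exposed_3306() {
    awk '$1 == "LISTEN" && $4 ~ /:3306$/ &&
         $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_CNF='[client]
skip-networking
[mysqld]
# skip-networking
datadir = /var/lib/mysql'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'

printf '%s\n' "$SAMPLE_CNF" | has_skip_networking ||
    echo "skip-networking is not set in [mysqld]"
printf '%s\n' "$SAMPLE_SS" | exposed_3306
```

On a live host the same functions take real input: `has_skip_networking < /etc/mysql/my.cnf` (path varies by distribution) and `ss -ltn | exposed_3306`.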