View previous topic :: View next topic |
Author |
Message |
OdinsDream Veteran
Joined: 01 Jun 2002 Posts: 1057
|
Posted: Tue Dec 10, 2002 11:18 pm Post subject: Closing mySQL port 3306, but keep webserver functioning? |
|
|
Is it safe to close TCP port 3306, used by mySQL, and still have PHP pages served by apache able to query the local database?
I'd like to secure things as much as possible on the system, and if I don't need that port, how can I close it? |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Tue Dec 10, 2002 11:37 pm Post subject: Re: Closing mySQL port 3306, but keep webserver functioning? |
|
|
OdinsDream wrote: | Is it safe to close TCP port 3306, used by mySQL, and still have PHP pages served by apache able to query the local database? |
Assuming you're using iptables, you can block all external connections to the mysql port, but still allow localhost (127.0.0.1) connections. Then, in your php pages, configure your mysql server as 'localhost' and you should be good to go.
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Tue Dec 10, 2002 11:44 pm Post subject: |
|
|
Similar incantations can be used with /etc/hosts.deny and /etc/hosts.allow, assuming mysql is compiled with tcpwrappers support. A more drastic solution is to add "skip-networking" to the server part of my.cnf, which will only allow connections through the local FIFO. This was the default last time I checked for Debian. Then the question would be whether you could get PHP to connect via this socket. The mysql command-line client can. _________________ For every higher wall, there is a taller ladder |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|