I'm using MySQL and a web-service connects to the database to read some values.
The web-service and the database are on the same server.
I want to deny access to the database through the public static IP of the server and the port of MySQL. That means only allowing access to the database through localhost, so that only the web-service can connect to it. How do I do so? What configuration, for example in MySQL, should I do?

+3  A: 

It's not possible to restrict access to MySQL to specific applications as such.

You can, however, create a user account (e.g. named webservice) that is restricted to connect from 127.0.0.1 - that's the best you can do as far as I know, and should be totally sufficient.

Pekka
Can't we disable anonymous logins to the MySQL DB (I mean by anonymous through the public IP), and grant login to the DB through 127.0.0.1 (localhost) only?
Ashraf Bashir
@Ashraf yes, that is exactly what I'm talking about. You just need to `GRANT` the correct permissions. Another thing would be to configure your firewall so requests from outside don't get through at all.
Pekka
That is exactly what Pekka (and myself) are saying. You can restrict access to connections from `localhost`, but if there was another program running locally, you cannot stop it accessing the database (assuming it has the correct password/username...)
Stephen
Thanks Pekka and Stephen
Ashraf Bashir
+2  A: 

There is no way to restrict access to only the web-service. You can restrict it to just applications running on the same host. To do this, create a new user with a host of either 127.0.0.1, or localhost should also work. You can either do this graphically or through the command line:

```sql
CREATE USER 'webservice'@'localhost' IDENTIFIED BY 'webservicepassword';
-- Grant privileges here...
-- For example: GRANT ALL PRIVILEGES ON *.* TO 'webservice'@'localhost';
-- but it's a far better idea to restrict access to only what it needs...
```
Stephen
`CREATE USER` is unnecessary. Just a `GRANT` query will do everything.
Col. Shrapnel
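
An added example, not part of the original answers: SQL to check whether the server and its accounts are reachable from outside the host, followed by a local-only account limited to reading. The schema name `appdb` and the password placeholder are assumptions; `'webservice'@'localhost'` is the account from the answer above.

```sql
-- 1. Which interface is the server listening on? A value of * or 0.0.0.0
--    means the public IP accepts connections on the MySQL port.
SHOW VARIABLES LIKE 'bind_address';
SHOW VARIABLES LIKE 'skip_networking';

-- 2. Accounts that may log in from somewhere other than this host,
--    including wildcard hosts such as '%'.
SELECT user, host
FROM mysql.user
WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Anonymous accounts (empty user name), the case raised in the comments.
SELECT user, host
FROM mysql.user
WHERE user = '';

-- 4. Local-only account that can only read, since the web service only
--    reads values. `appdb` is a hypothetical schema name; replace the
--    password placeholder with a real secret.
CREATE USER IF NOT EXISTS 'webservice'@'localhost'
    IDENTIFIED BY '<password-placeholder>';
GRANT SELECT ON appdb.* TO 'webservice'@'localhost';

-- 5. Confirm what the account is actually allowed to do.
SHOW GRANTS FOR 'webservice'@'localhost';
```

If step 1 shows a non-loopback address, setting `bind-address = 127.0.0.1` in the server's option file and restarting confines the listener to loopback, which complements the firewall rule mentioned in the comments.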