Siva Dasari
asked on
Lost user connectivity when MySQL is binded with IP address.
Hello,
I have used bind-address option in MySQL config file which stopped my connectivity to mysql instance on specific user. I have figured it out that the user is created with host as "localhost". I'm able to fix this issue by updating the user Host field with binded ip or using wildcard '%' (any ip).
I'm trying to understand is there is any possible security issue using wild card '%' to allow on any IP or it is recommended to bind with specific IP?
Also, what is recommended approach for high privileged user accounts like root & mysql.sys?
Thank you
I have used bind-address option in MySQL config file which stopped my connectivity to mysql instance on specific user. I have figured it out that the user is created with host as "localhost". I'm able to fix this issue by updating the user Host field with binded ip or using wildcard '%' (any ip).
I'm trying to understand is there is any possible security issue using wild card '%' to allow on any IP or it is recommended to bind with specific IP?
Also, what is recommended approach for high privileged user accounts like root & mysql.sys?
Thank you
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Adding to Dave's point, you can create other users who can be accessing from any (%) source while restricting what they can do on the system.
ASKER
I tried to do the following as per your comments but ended with an error, could you please let me know if i'm missing something here ...
mysql> UPDATE mysql.user SET HOST="127.0.0.1" WHERE user="root";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)
mysql> exit
Bye
[siva@mysql ~]$ mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[siva@mysql ~]$
Please read the --bind-address section on this page: http://dev.mysql.com/doc/refman/5.7/en/server-options.html The default value is '*' which allows the server to connect on any IP address or hostname. It is probably better to use '*' and restrict access in the 'privileges' where you can limit users to specific IP addresses without blocking the entire server.
Changing the host, does not set a password, which seems that root might not have a password
mysql -u root
See if it loggs you in.
select * from mysql.user where User='root';
Also, usually the host us localhost, versus the equivalent 127.0.0.1.
mysql -u root
See if it loggs you in.
select * from mysql.user where User='root';
Also, usually the host us localhost, versus the equivalent 127.0.0.1.