MySQL Local Connect Only
Somebody asked if you really have to run the MySQL Configuration Wizard when you want to shut out network connections. The answer is no.
If you want to secure the database server to perform maintenance, you can comment out the port assignment line in the [mysqld] section and add the following in the same section:
# The TCP/IP Port the MySQL Server will listen on # port=3306 # Instruct it to skip networking and enable named pipes. skip-networking enable-named-pipe # Define the Pipe the MySQL Server will use. socket=mysql |
This allows only users on the local system to connect to the database. You can test it by running the following PHP program as a command-line process form the server.
1 2 3 4 5 6 7 8 9 10 11 12 | <?php // Attempt to connect to your database. $c = @mysqli_connect("localhost", "username", "password", "somedb"); if (!$c) { print "Sorry! The connection to the database failed."; die(); } else { // Initialize a statement in the scope of the connection. print "Congrats! You've connected to a MySQL database!"; } ?> |
You call a command-line PHP program like this:
php phpConnect.php |
It would fail when you call it from the Apache web server’s htdocs folder because network communication across TCP/IP is closed. Only local sockets are available across the mysql pipe. There’s no magic to the pipe name of mysql but it’s the default pipe name convention.
Subscribe via RSS