MySQL Local Connect Only
Somebody asked if you really have to run the MySQL Configuration Wizard when you want to shut out network connections. The answer is no.
If you want to secure the database server to perform maintenance, you can comment out the port assignment line in the [mysqld]
section and add the following in the same section:
# The TCP/IP Port the MySQL Server will listen on # port=3306 # Instruct it to skip networking and enable named pipes. skip-networking enable-named-pipe # Define the Pipe the MySQL Server will use. socket=mysql |
This allows only users on the local system to connect to the database. You can test it by running the following PHP program as a command-line process form the server.
1 2 3 4 5 6 7 8 9 10 11 12 | <?php // Attempt to connect to your database. $c = @mysqli_connect("localhost", "username", "password", "somedb"); if (!$c) { print "Sorry! The connection to the database failed."; die(); } else { // Initialize a statement in the scope of the connection. print "Congrats! You've connected to a MySQL database!"; } ?> |
You call a command-line PHP program like this:
php phpConnect.php |
It would fail when you call it from the Apache web server’s htdocs
folder because network communication across TCP/IP is closed. Only local sockets are available across the mysql
pipe. There’s no magic to the pipe name of mysql
but it’s the default pipe name convention.