If you perform your own database backups, it's also possible to do your own database restoration without relying on a host or third party. Let's see what it takes to restore a MySQL database with Workbench.

Before we get started, our tutorial, "Making a MySQL Database Backup With MySQL Workbench," covers the backup part of the equation (using MySQL Workbench). In this tutorial, we will go through the steps to restore a database from a backup. We will also cover the necessary configuration to connect to your database with MySQL Workbench. This will cover everything for you in one spot, in case you've never done so.

Configuring MySQL Workbench to Connect to Your Database

Many commercial hosts block outside database connections, so you may have to add your home or office IP address to a remote access list.

The MySQL Reference Manual has a whole Chapter 6 for Security.

First, you shouldn't allow connections from anywhere over the internet, but only from known trusted hosts. While the user also has a list of allowed hosts, 6.1.1 Security Guidelines suggests doing this at the firewall level, before the hosts even get connected to your MySQL Server (default port 3306). This increases security as it also prevents using any potential exploits.

If you really need to have a direct connection between your local Workbench and remote MySQL Server, use Secure Connections. But there are other ways of securing the connection to your SQL server, too. Considering the effort needed for the access control and securing the SQL connection with OpenSSL, they are much more practical:

Use an SSH tunnel and you can connect to your MySQL server just as if the Workbench was there. This example binds local port 13306 and tunnels connections to localhost:3306 on the remote side:

    ssh -L 13306:localhost:3306

Use a VPN and allow connections from the internal VPN network only.

With both of these approaches you can bind MySQL to localhost only; it's the most secure option.

To give an answer to your question: No, it's not safe.

Your login data gets transferred in plaintext over the internet; you DO NOT want that, obviously :)

Your queries that you send (and their responses) are sent in plain text; again, you DO NOT want that, as one can easily tamper with that data. Furthermore, having query results sent back in plain text, which could contain sensitive information, is a whole other issue. In case of personal files you could even get sued in some countries for neglecting/ignoring safety guidelines for personal data.

3: An SQL port open on the internet is always an extra attack vector for a potential malicious user. Think of remote mysql server exploits etc.

If you really need a remote connection, use SSL. I've summarized the steps you need to follow, assuming you run a mysql server on linux:

On the mysql-server, generate a mysql ssl certificate:

Generate the CA private key:

    openssl genrsa 4096 > ca-key.pem

Generate the certificate using the key previously created (answer the default questions):

    openssl req -sha256 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem

Next create a new private key for the mysql server (again, default questions):

    openssl req -sha256 -newkey rsa:4096 -days 730 -nodes -keyout server-key.pem > server-req.pem

Export private key:

    openssl rsa -in server-key.pem -out server-key.pem

Create server certificate:

    openssl x509 -sha256 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

Now in your my.cnf (located in /etc/mysql/my.cnf) edit the mysqld section and add the following:

Restart your mysql service:

    service mysql restart

Now you have your mysql server running with server certificates, next we will add a user from a specific address (your remote static ip if possible) so in your mysql console execute the following:

    GRANT ALL PRIVILEGES ON 'database'.* TO IDENTIFIED BY 'password' REQUIRE SSL

Okay so now we have an SSL mysql server which accepts remote connections over SSL from your particular ip, but we still need to generate client certificates. So, still on the mysql server, execute the following:

    openssl req -sha256 -newkey rsa:4096 -days 730 -nodes -keyout client-key.pem > client-req.pem
    openssl rsa -in client-key.pem -out client-key.pem
    openssl x509 -sha256 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

Now copy the ca-cert.pem, client-key.pem and client-cert.pem to your remote pc where your mysql workbench is situated.

In mysql workbench open up the Server connection management and edit your existing connection towards your server. In the connection tab, select the SSL sub-tab and select "use SSL require". In the fields below select ca-cert.pem for your SSL CA File, client-cert.pem for SSL CERT File and client-key.pem for SSL Key File.

Now if you try to connect you will still be asked for a password (which you defined earlier) but it's over SSL :)

Hope this answer is the answer you were looking for.
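The certificate steps from the SSL answer, scripted as an added example (not code from the original answer): it generates the CA, server and client files non-interactively, then checks that both certificates verify against the CA and that each private key matches its certificate. The subject names, the scratch directory and the 2048-bit key size used for the demo run are assumptions, and the two certificates are given different serial numbers.

```shell
#!/usr/bin/env bash
# Added example: build the CA, server and client files without prompts, then
# check the result before copying anything to the Workbench machine.
# Subject names below are constructed placeholders.
set -eu

# make_chain DIR [BITS]: the openssl sequence from the steps above, with -subj
# replacing the interactive questions.
make_chain() {
    local dir="$1" bits="${2:-4096}" serial=1 role
    openssl genrsa -out "$dir/ca-key.pem" "$bits" 2>/dev/null
    openssl req -sha256 -new -x509 -nodes -days 3650 -key "$dir/ca-key.pem" \
        -subj "/CN=Example MySQL CA" -out "$dir/ca-cert.pem"
    for role in server client; do
        # MySQL's documentation requires the server and client Common Names
        # to differ from the CA's Common Name.
        openssl req -sha256 -newkey "rsa:$bits" -nodes \
            -keyout "$dir/$role-key.pem" -subj "/CN=mysql-$role.example" \
            -out "$dir/$role-req.pem" 2>/dev/null
        # One serial per certificate: a CA must not issue two certificates
        # that share a serial number.
        openssl x509 -sha256 -req -in "$dir/$role-req.pem" -days 730 \
            -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" \
            -set_serial "0$serial" -out "$dir/$role-cert.pem" 2>/dev/null
        serial=$((serial + 1))
    done
    chmod 600 "$dir"/*-key.pem
}

# check_chain DIR: returns 0 only if both certificates verify against the CA
# and each private key matches the public key inside its certificate.
check_chain() {
    local dir="$1" role cert_pub key_pub
    openssl verify -CAfile "$dir/ca-cert.pem" \
        "$dir/server-cert.pem" "$dir/client-cert.pem" >/dev/null 2>&1 || return 1
    for role in server client; do
        cert_pub=$(openssl x509 -in "$dir/$role-cert.pem" -noout -pubkey | openssl sha256)
        key_pub=$(openssl pkey -in "$dir/$role-key.pem" -pubout | openssl sha256)
        [ "$cert_pub" = "$key_pub" ] || return 2
    done
}

# Demo run in a scratch directory; 2048-bit keys only to keep the demo fast.
work=$(mktemp -d)
make_chain "$work" 2048
check_chain "$work" && echo "chain verified in $work"
```

Running `check_chain` on the directory that holds the real files catches a mismatched key or a certificate signed by the wrong CA before Workbench reports a generic SSL connection error.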