限制来自本地主机的 MySQL 连接以提高安全性 [英] Restricting MySQL connections from localhost to improve security

查看:144
本文介绍了限制来自本地主机的 MySQL 连接以提高安全性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我听说任何知道我的 MySQL 用户名和密码的人都可以访问它,即使它只监听 localhost.

I heard that anyone that knows my MySQL Username and Password can access it, Even if it's listening only to localhost.

假设我的信息如下:

USER: root
PASS: 123456
Host: LOCALHOST (only)

那里的任何人(本地)怎么可能访问它?

How is it possible that anyone out there (local) can access it?

推荐答案

如果您将远程主机的访问限制为您的用户名和密码,那么其他人将无法从外部访问数据库.

If you restrict access from remote hosts to your usernames and passwords then someone won't be able to access the database externally.

您还可以将防火墙配置为仅允许从 localhost 机器到 3306(MySQL 默认端口)的流量.

You could also configure your firewall to only allow traffic to 3306 (MySQL Default Port) from the localhost machine.

更新

设置您的用户,使他们只能通过 LOCALHOST 使用:

To setup your user so they can only access through LOCALHOST use:

GRANT ALL PRIVILEGES ON *.* TO db_user @'localhost' IDENTIFIED BY 'db_passwd';
GRANT ALL PRIVILEGES ON *.* TO db_user @'127.0.0.1' IDENTIFIED BY 'db_passwd';

另外,将您的 MySQL 服务器绑定到本地地址.您可以通过编辑 my.cnf[mysqld] 部分来做到这一点:

Also, bind your MySQL server to the local address. You can do this by editing the [mysqld] section of my.cnf:

[mysqld]
bind-address = 127.0.0.1

这篇关于限制来自本地主机的 MySQL 连接以提高安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆