Paul Schmehl wrote:
--On April 6, 2009 11:41:06 PM -0400 DAve <dave.l...@pixelhammer.com> wrote:


Olivier Nicole wrote:
Hi,

Has anyone setup two instances of MySQL on the same server? One
running  just a client's DBs? Any advice would be helpful.

That is not answering your question directly, but MySQL works finr
over an SSH tunnel.

You'd have your users connect/authenticate with SSH first to establish
the tunnel, then they'd use the tunnel to forward the NySQl
connection.

I doubt the would be an option without a GUI to do everything for the
user. I suggested a VPN which we can setup easily with a Cisco Client.
No answer back from the account manager on that option.


If your client needs a gui to access mysql, why not use phpmyadmin (or a similar gui-based admin utility) and restrict access to his IP(s)? You can do this with your firewall rules or by using .htaccess. You can also force SSL connections, which would protect against MITM attacks on a cleartext session.

Nope, no web based php admin tools here. Won't touch them. I ahve enough security items to track every day.


(You can also require SSL and secure auth for the db and restrict access by IP using the format usern...@fqdn, but you stated that you're not comfortable depending *only* upon mysql's security capabilities.)

However, I would suggest that you provide, as you suggest, a separate instance of mysql just for this client as well. If they screw up the instance they won't affect other customers. To run a separate instance, I would suggest using different names for the binaries, conf files and datadir. This can be easily done using symlinks; e.g. mysql and mysql-special. Then copy the startup script in /usr/local/etc/rc.d/, rename it to mysql-special and edit it to change all references to the newly-named instance. Use a my-special.cnf file for the special instance and reference it in /etc/rc.conf using mysql_args=.

Thanks, looks like it would be doable. I do plan to use a separate my.cnf, separate logging, and even a seperate mysql DB. I was going to share the binaries but I may rethink that decision after your suggestion.

Thanks for the response.

DAve


--
"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to